Anonymizing users

You can anonymize users in Jira to hide or delete any data that can identify them. Anonymization helps you stay compliant with General Data Protection Regulation (GDPR) and the “right to be forgotten, and is most often needed when somebody is leaving your organization and requests to have their personal data erased.

Compatible applications

When anonymizing users, we’ll change or erase their personal data in: Jira Core, Jira Software, Jira Service Desk, and Portfolio for Jira.

What does the anonymization involve?

Every user in Jira is associated with some itemsthey might have an issue assigned, be referenced in permission schemes, or mentioned in comments by their teammates. Some pieces of user data are anonymized, while others are completely erased. We’ll list all of them below and in Jira when you start anonymizing a user.

The two main things to understand for anonymized users are how we treat their:

  • Username: Changed into an anonymous, unrecognizable alias, like jirauser80900.

  • User profile: Completely anonymized and looks like a new user profile. The full name, which is often displayed around Jira, is given an anonymous alias. For example, user-ca31a.

Here’s an example of a user Friendly Robot (username: friendlyrobot) who has been anonymized and is now user-ca31a (username: jirauser80900).

ExampleBeforeAfter
Issue reporter

Comment

User profile

User profile of Friendly robot.

Empty user profile.

Anonymizing a user

You need to be a Jira administrator to complete all of these tasks.

You can anonymize users in two ways. The method you use depends on whether the user is still active, or has been deleted.

Active users:

  1. Go to Administration > User management > Users.
  2. Find the user you want to anonymize, and select ... > Anonymize user.

Deleted users:

  1. Go to Administration > User management > Anonymization.
  2. Enter the username, and select Anonymize. When anonymizing users that have been deleted, you'll see a DELETED label next to their username.

Whichever option you choose, you will be redirected to a separate Anonymize user page that shows details about the chosen user and lists all associated items that will be transferred, anonymized, or deleted. Your user won’t be anonymized yet, so feel free to try it.

Understanding the scope of anonymization

Anonymize user page with annotations described below the image.

  1. Identify changes: You can click this button to search Jira for any items associated with a user and have them displayed here. This is optional, we will anonymize all of these items even if you don’t view them. You can see the complete list of items below.

  2. Transferring ownership: Some items owned by a user, like Project Lead or Component Lead, might break things if left without the owner. You’ll need to select a new owner here, and we’ll transfer the items for you. This section won’t be displayed if there’s nothing to transfer.

What's about to change

If you choose to display items associated with a user, they will typically be displayed in four sections:

  • Transferred items
  • Anonymized items
  • Deleted items
  • Actions required on your side.

tip/resting Created with Sketch.

If Jira doesn’t find the user’s data in any of the sections, they won’t display at all. In that case, what you see may differ slightly from these examples.

1. Transferred items

Some items won’t work properly with inactive users, so you’ll need to choose a new owner for these items. For example, an inactive Component Lead might break the Default assignee option. You can choose any user with proper permissions, but it’s probably best to transfer them to a project admin or somebody who has taken over the tasks of the anonymized user.

Items that can be listed here...
  • Project lead
  • Component lead
  • Filter subscriptions
  • + Custom items added by Marketplace apps

2. Anonymized items

Anonymized data includes items with any occurrences of the user’s name or username. As mentioned earlier, we’ll change these occurrences into an anonymous alias generated specifically for this user. The items themselves need to remain in Jira as they affect other areas or users — these are usually comments, work logs, workflows, and so on.

Items that can be listed here...
  • User profile (anonymizing user data, such as email, name, display name, removing avatars, “remember me” tokens, user settings, and browsing history)
  • Workflows
  • Draft workflows
  • User key entries in the database
  • Comments
  • Work logs
  • Audit log
  • Board owners
  • Board admins
  • Card colors
  • Notifications (recipients)
  • Notifications (events)
  • Jira invitation emails
  • Atlassian Notifications messages
  • Atlassian Troubleshooting and Support Tools app
  • Webhooks
  • Jira activity stream
  • Hipchat app
  • + Custom items added by Marketplace apps

3. Deleted items

These items are specific to a user and don’t affect anybody else, so there’s no point in keeping them in Jira. These can be associations in various schemes (don’t worry, we won’t delete the schemes), personal filter subscriptions, or personal roles — the ones used only by this user. Once you anonymize the user, these will be gone forever.

Items that can be listed here...
  • Personal project roles
  • Personal filter subscriptions
  • Occurrences in notification schemes
  • Occurrences in permission schemes
  • Permissions in shared filters and dashboards
  • Atlassian Notifications user properties
  • + Custom items added by Marketplace apps

4. Actions required on your side

Finally, there are items which we can’t anonymize, and you’ll need to change them manually. This section lists various items that include JQL queries with user’s personal data or data stored in 3rd party apps.

Limitations

External user directories

Jira can't anonymize users that are stored in external user directories. You need to remove a user from the external directory, sync the directory with Jira, and only then anonymize them. You can view your user directories in Administration () > User management > User directories.

JQL queries

Personal data that appears in JQL queries won’t be anonymized. Queries that are specific to Jira Service Desk will be shown on the Actions required on your side list, so it should be easy to edit them, but all the remaining ones won’t be included. You'll need to review all JQL queries and manually delete usernames if they appear inside.

Full names in issue history for recent users

When anonymizing users, most of the data that appears in the issue history will be anonymized. However, full names won't be anonymized for users who were created in Jira 8.4 or later, or who were created earlier and anonymized.

That's because Jira 8.4 changed the format of user keys. Full names for users created before this version will be anonymized.

Related issue: JRASERVER-71153 - Getting issue details... STATUS

3rd party apps

Personal data stored in 3rd party apps won't be anonymized by default. However, we’ve created extension points app vendors can use to be notified when a user is being anonymized and to anonymize the related data. To check if an app supports the anonymization, contact the vendor directly or check their documentation.

Because of these limitations, some personal data will not be anonymized. You can already anonymize your users, and then complete anonymizing the missing data once we release the fixes. To complete anonymizing these items later, you’ll need to retry the anonymization, which will anonymize only items that haven’t been anonymized before.

Previous limitations, already fixed: 

Deleted users

This limitation has been FIXED

You can't anonymize users that have been deleted although information on the pages in Jira might suggest otherwise. We've planned to add this feature since the beginning but had to descope it eventually. We're planning to fix this limitation in Jira 8.10.

(Fixed) Issue history

This limitation has been FIXED

Personal data might still appear in the issue history, which shows all past activity on an issue. For example, if an issue was reassigned from one user to another, both these users' original names will be shown in the history even if you anonymized them.

Text custom fields: Default values

This limitation has been FIXED

If a user has been set as a default value of a text custom field, this value won't be anonymized. You'll need to review your custom fields and change the default value manually.

Project description

This limitation has been FIXED

If a user is mentioned in the project description (Project settings > Details), this mention won't be anonymized. That's not a typical place where you'd mention a user, but be aware that this can happen.

Troubleshooting

If anonymization fails, user data may be partially anonymized. If you encounter this problem, you can use the audit log to find the partially anonymized user, and retry their anonymization.

For more info, see Retrying anonymization.

Known issues

Here are some known issues:

REST APIs

You can also anonymize your users by using the REST API. 

For more info, see Anonymization REST API.

For app developers

If you’re an app developer, we have created extension points that will inform your app when an admin anonymizes a user in their Jira instance. This lets you take the appropriate steps to anonymize any user data stored in your app.

For more info, see Developer docs: Anonymizing users.

Last modified on Jun 29, 2020

Was this helpful?

Yes
No
Provide feedback about this article

In this section

Powered by Confluence and Scroll Viewport.