Anonymizing users

You can anonymize users in Jira to hide or delete any data that can identify them. Anonymization helps you stay compliant with General Data Protection Regulation (GDPR) and the “right to be forgotten, and is most often needed when somebody is leaving your organization and requests to have their personal data erased.

Compatible applications. When anonymizing users, we’ll change or erase their personal data in Jira Core, Jira Software, Jira Service Management, and Portfolio for Jira.

On this page:

What does the anonymization involve?

Every user in Jira is associated with some items they might have an issue assigned, be referenced in permission schemes, or mentioned in comments by their team members. Some pieces of user data are anonymized, while others are completely erased. You can find a full list of those items in the following sections and in Jira when you start anonymizing a user.

The two main things to understand for anonymized users are how we treat their:

  • Username: Changed into an anonymous, unrecognizable alias, like jirauser80900.

  • User profile: Completely anonymized and looks like a new user profile. The full name, which is often displayed around Jira, is given an anonymous alias. For example, user-ca31a.

The following are examples of a user Friendly Robot (username: friendlyrobot) that has been anonymized and is now user-ca31a (username: jirauser80900).

ExampleBeforeAfter
Issue reporter

Comment

User profile

User profile of Friendly robot.

Empty user profile.

Anonymizing a user

For all of the following procedures, you must be logged in as a user with the Jira administrator permissions. For details, see Permissions overview.

You can anonymize users in two ways. The method you use depends on whether the user is still active, or has been deleted.

You can anonymize users in two ways. The method you use depends on whether the user is still active, or has been deleted.

Whichever option you choose, you will be redirected to a separate Anonymize user page that shows details about the selected user and lists all associated items that will be transferred, anonymized, or deleted. Your user won’t be anonymized yet, so feel free to try it.

Anonymize active users

  1. In the upper-right corner of the screen, select Administration  > User Management

  2. In the User browser, find the user you want to anonymize, and then select ... > Anonymize user.

Anonymize deleted users

  1. In the upper-right corner of the screen, select Administration  > User Management. 

  2. Enter the username and select Anonymize. When anonymizing users that have been deleted, you'll see a DELETED label next to their username.

Understanding the scope of anonymization

Anonymize user page with annotations described below the image.

  1. Identify changes: You can select this button to search Jira for any items associated with a user and have them displayed here. This is optional, we will anonymize all of these items even if you don’t view them. You can see the complete list of items in What’s about to change after anonymization

  2. Transferring ownership: Some items owned by a user, like Project Lead or Component Lead, might break things if left without the owner. You’ll need to select a new owner here, and we’ll transfer the items for you. This section won’t be displayed if there’s nothing to transfer.

What's about to change after anonymization 

If you choose to display items associated with a user, they will typically be displayed in four sections:

tip/resting Created with Sketch.

If Jira doesn’t find the user’s data in any of the sections, they won’t be displayed at all. In that case, what you see may differ slightly from these examples.

Transferred items

Some items won’t work properly with inactive users, so you’ll need to choose a new owner for these items. For example, an inactive Component Lead might break the Default assignee option. You can choose any user with proper permissions, but it’s probably best to transfer them to a project admin or somebody who has taken over the tasks of the anonymized user.

Items that can be listed here
  • Project lead
  • Component lead
  • Filter subscriptions
  • + Custom items added by Marketplace apps

Anonymized items

Anonymized data includes items with any occurrences of the user’s name or username. As mentioned earlier, we’ll change these occurrences into an anonymous alias generated specifically for this user. The items themselves need to remain in Jira as they affect other areas or users — these are usually comments, work logs, workflows, and so on.

Items that can be listed here
  • User profile (anonymizing user data, such as email, name, display name, removing avatars, “remember me” tokens, user settings, and browsing history)
  • Workflows
  • Draft workflows
  • User key entries in the database
  • Comments
  • Work logs
  • Audit log
  • Board owners
  • Board admins
  • Card colors
  • Notifications (recipients)
  • Notifications (events)
  • Jira invitation emails
  • Atlassian Notifications messages
  • Atlassian Troubleshooting and Support Tools app
  • Webhooks
  • Jira activity stream
  • Hipchat app
  • + Custom items added by Marketplace apps

Deleted items

These items are specific to a user and don’t affect anybody else, so there’s no point in keeping them in Jira. These can be associations in various schemes (don’t worry, we won’t delete the schemes), personal filter subscriptions, or personal roles — the ones used only by this user. Once you anonymize the user, these will be gone forever.

Items that can be listed here
  • Personal project roles
  • Personal filter subscriptions
  • Occurrences in notification schemes
  • Occurrences in permission schemes
  • Permissions in shared filters and dashboards
  • Atlassian Notifications user properties
  • + Custom items added by Marketplace apps

Actions required on your side

Finally, there are items which we can’t anonymize, and you’ll need to change them manually. This section lists various items that include JQL queries with user’s personal data or data stored in 3rd party apps.

Anonymization limitations

Because of the following limitations, some personal data will not be anonymized. You can start anonymizing users, and then complete anonymizing the missing data once we release the fixes. To complete anonymizing these items later, you’ll need to retry the anonymization, which will anonymize only items that haven’t been anonymized before.

External user directories

Jira can't anonymize users that are stored in external user directories (like Crowd). You need to remove a user from the external directory, sync the directory with Jira, and only then anonymize them.

To view your user directories:

  1. In the upper-right corner of the screen select Administration > User management.
  2. On the left-side panel, select User directories.

JQL queries

Personal data that appears in JQL queries won’t be anonymized. Queries that are specific to Jira Service Desk will be shown in the Actions required on your side list, so it should be easy to edit them, but all the remaining ones won’t be included. You'll need to review all JQL queries and manually delete usernames if they appear inside.

Full names in issue history for recent users

When anonymizing users, most of the data that appears in the issue history will be anonymized. However, full names won't be anonymized for users who were created in Jira 8.4 or later, or who were created earlier and anonymized.

That's because Jira 8.4 changed the format of user keys. Full names for users created before this version will be anonymized.

Related issue: JRASERVER-71153 - Getting issue details... STATUS

Third-party apps

Personal data stored in 3rd party apps won't be anonymized by default. However, we’ve created extension points app vendors can use to be notified when a user is being anonymized and to anonymize the related data. To check if an app supports the anonymization, contact the vendor directly or check their documentation.

Previous limitations

The following limitations have already been fixed. 

Deleted users

This limitation has been FIXED

You can't anonymize users that have been deleted although information on the pages in Jira might suggest otherwise. We've planned to add this feature since the beginning but had to descope it eventually. 

(Fixed) Issue history

This limitation has been FIXED

Personal data might still appear in the issue history, which shows all past activity on an issue. For example, if an issue was reassigned from one user to another, both these users' original names will be shown in the history even if you anonymized them.

Text custom fields: Default values

This limitation has been FIXED

If a user has been set as a default value of a text custom field, this value won't be anonymized. You'll need to review your custom fields and change the default value manually.

Project description

This limitation has been FIXED

If a user is mentioned in the project description (Project settings > Details), this mention won't be anonymized. That's not a typical place where you'd mention a user, but be aware that this can happen.

Troubleshooting

If anonymization fails, user data may be partially anonymized. If you encounter this problem, you can use the audit log to find the partially anonymized user, and retry their anonymization.

For more information, see Retrying anonymization.

Known issues

Check out the following article for more details: An app was disabled when anonymizing a user.

REST APIs

You can also anonymize your users by using the REST API. 

For more information, see Anonymization REST API.

For app developers

If you’re an app developer, we have created extension points that will inform your app when an admin anonymizes a user in their Jira instance. This lets you take the appropriate steps to anonymize any user data stored in your app.

For more information, see Developer docs: Anonymizing users.

Last modified on Jun 14, 2022

Was this helpful?

Yes
No
Provide feedback about this article

In this section

Powered by Confluence and Scroll Viewport.