Anonymizing users
What does the anonymization involve?
Every user in Jira is associated with some items — they might have an issue assigned, be referenced in permission schemes, or mentioned in comments by their team members. Some pieces of user data are anonymized, while others are completely erased. We’ll list all of them in the following sections and in Jira when you start anonymizing a user.
There are two main things to understand for anonymized users are how we treat their:
Username: Changed into an anonymous, unrecognizable alias, like jirauser80900.
User profile: Completely anonymized and looks like a new user profile. The full name, which is often displayed around Jira, is given an anonymous alias. For example, user-ca31a.
The following are examples of a user Friendly Robot (username: friendlyrobot) that has been anonymized and is now user-21d5b (username: jirauser80900).
Example | Before | After |
---|---|---|
Issue reporter | ||
Comment | ||
User profile |
Anonymizing a user
For all of the following procedures, you must be logged in as a user with the Jira administrator permissions. For details, see Permissions overview.
You can anonymize users in two ways. The method you use depends on whether the user is still active, or has been deleted.
Whichever option you choose, you will be redirected to a separate Anonymize user page that shows details about the selected user and lists all associated items that will be transferred, anonymized, or deleted. Your user won’t be anonymized yet, so feel free to try it.
Anonymize active users
- In the upper-right corner of the screen, select Administration > User management.
- In the User browser, find the user you want to anonymize, and then select ... > Anonymize user.
Anonymize deleted users
- In the upper-right corner of the screen, select Administration> User management.
- Enter the username and select Anonymize. When anonymizing users that have been deleted, you'll see a DELETED label next to their username.
Understanding the scope of anonymization
Identify changes: You can click this button to search Jira for any items associated with a user and have them displayed here. This is optional, we will anonymize all of these items even if you don’t view them. You can see the complete list of items in What’s about to change after anonymization.
Transferring ownership: Some items owned by a user, like Project Lead or Component Lead, might break things if left without the owner. You’ll need to select a new owner here, and we’ll transfer the items for you.
What's about to change after anonymization
If you choose to display items associated with a user, they will typically be displayed in four sections:
If Jira doesn’t find the user’s data in any of the sections, these items won’t be displayed at all. In that case, what you see may differ slightly from these examples.
Transferred items
Some items won’t work properly with inactive users, so you’ll need to choose a new owner for these items. For example, an inactive Component Lead might break the Default assignee option. You can choose any user with proper permissions, but it’s probably best to transfer them to a project admin or somebody who has taken over the tasks of the anonymized user.
Anonymized items
Anonymized data includes items with any occurrences of the user’s name or username. As mentioned earlier, we’ll change these occurrences into an anonymous alias generated specifically for this user. The items themselves need to remain in Jira as they affect other areas or users — these are usually comments, work logs, workflows, and so on.
Deleted items
These items are specific to a user and don’t affect anybody else, so there’s no point in keeping them in Jira. These can be associations in various schemes (don’t worry, we won’t delete the schemes), personal filter subscriptions, or personal roles — the ones used only by this user. Once you anonymize the user, these will be gone forever.
Actions required on your side
Finally, there are items which we can’t anonymize, and you’ll need to change them manually. This section lists various items that include JQL queries with user’s personal data or data stored in 3rd party apps.
Anonymization limitations
Because of the following limitations, some personal data will not be anonymized. You can start anonymizing users, and then complete anonymizing the missing data once we release the fixes. To complete anonymizing these items later, you’ll need to retry the anonymization, which will anonymize only items that haven’t been anonymized before.
External user directories
Jira can't anonymize users that are stored in external user directories (like Crowd). You need to remove a user from the external directory, sync the directory with Jira, and only then anonymize them.
To view your user directories:
- In the upper-right corner of the screen select Administration > User management.
- On the left-side panel, select User directories.
Some user keys in Insight - Asset Management
Insight - Asset Management is an app bundled with Jira Service Management Data Center 4.15 and later. It’s also available for earlier Data Center versions.
In some cases, when you anonymize users, their user keys won’t be anonymized in Insight - Asset Management. This affects user keys of users created before Jira Service Management 4.7 (or Jira Core and Jira Software 8.7). In these versions, user keys look the same as usernames, so some personal data might be visible. Users created in later versions will be fully anonymized in Insight - Asset Management as well. The reason for this difference is that later versions use a different pattern for usernames and user keys, and in this case, we’re only able to anonymize the new pattern.
JQL queries
Personal data that appears in JQL queries won’t be anonymized. Queries that are specific to Jira Service Management will be shown in the Actions required on your side list, so it should be easy to edit them, but all the remaining ones won’t be included. You'll need to review all JQL queries and manually delete usernames if they appear inside.
Full names in issue history for recent users
When anonymizing users, most of the data that appears in the issue history will be anonymized. However, full names won't be anonymized for users who were created in Jira 8.4 or later, or who were created earlier and anonymized.
That's because Jira 8.4 changed the format of user keys. Full names for users created before this version will be anonymized.
Related issue: JRASERVER-71153 - Getting issue details... STATUS
Third-party apps
Personal data stored in 3rd party apps won't be anonymized by default. However, we’ve created extension points app vendors can use to be notified when a user is being anonymized and to anonymize the related data. To check if an app supports the anonymization, contact the vendor directly or check their documentation.
Previous limitations
The following limitations have already been fixed.
Troubleshooting
If anonymization fails, user data may be partially anonymized. If you encounter this problem, you can use the audit log to find the partially anonymized user, and retry their anonymization.
For more information, see Retrying anonymization.
Known issues
Check out the following article for more details: An app was disabled when anonymizing a user.
APIs
You can also anonymize your users by using the API.
For more information, see Anonymization API.
For app developers
If you’re an app developer, we have created extension points that will inform your app when an admin anonymizes a user in their Jira instance. This lets you take the appropriate steps to anonymize any user data stored in your app.
For more information, see Developer docs: Anonymizing users.