Bamboo: Data protection by design and by default
Article 25 of the GDPR sets forth the principle of data protection by design and by default. This is a broad principle with varying meaning and application depending on the context and type of personal data being processed. This principle is unique to each organization, and should always be evaluated with the assistance of legal counsel to determine all efforts required to comply. These efforts may include ensuring certain third party applications you use to process personal data are configured to default to the most privacy-friendly settings available whenever personal data is input. Below is a summary of relevant settings and configurations available through certain Atlassian products, and a discussion of any limitations.
The following document describes how a user's Personal Data (PD) may be accessible via Bamboo by the individual, Bamboo Administrators, Authenticated Users and others if the data is publicly accessible.
There are multiple sources of PD in Bamboo, e.g. user profile, plans, results, deployment projects, environments, deployment versions, releases, repositories, shared credentials etc. For a more comprehensive list, please refer to Bamboo - Right to be forgotten. Administrators can control access to some of this PD as described below, using permission configuration settings.
During first start-up (and later in the system configuration), administrators can choose the mode that Bamboo runs in:
- Private - Only administrators can create and permit new users access.
- Public - Anyone can create a user and the user is provided automatic access.
Public means that anyone can sign up (create an account), and by creating the account you gain the ability to browse user profiles, which are available to any logged-in user (by crafting the URL of a profile page). To check and disable public mode, follow this guide and disable "Signup".
Access for "Anonymous" user
Another way for any user (even one who is not logged in) to access personal data stored in Bamboo is for Bamboo to be configured so that an anonymous user is able to, for example, browse plans or results (which can contain personal data). To check whether any anonymous access to the Bamboo instance is granted, the administrator has to check in the global permissions whether anonymous users have the view permission (https://confluence.atlassian.com/bamboo/bamboo-permissions-369296034.html).
Bamboo provides a large ecosystem of plugins, and Bamboo itself can be connected to various integrations.
The instance administrator should be able to pinpoint any plugins or integrations that process PD or can disclose PD to other systems, e.g. plugins or any integration that you have on your instance.
A user has no control over the emails that he will receive and generate to other users as a result of, for example, notifications of failed builds.
Any user with the edit plan permission or the edit deployment project permission may add new notifications, including any email address.
An administrator can globally disable email notifications. See https://confluence.atlassian.com/bamboo/configuring-bamboo-to-send-smtp-email-289276984.html.
A user has no control over the messages that he will receive and generate to other users as a result of, for example, notifications of failed builds.
Any user with the edit plan permission or the edit deployment project permission may add new notifications using any IM address.
An administrator can globally disable IM notifications. See https://confluence.atlassian.com/bamboo/configuring-bamboo-to-use-instant-messaging-289276974.html.
Restricting viewing profile
Generally, Bamboo offers no protection against any logged-in user viewing any other user's profile (username, full name, email, groups).
An administrator can restrict the email address from being displayed on the profile page by using the global property "Enable contact details to be displayed?". See https://confluence.atlassian.com/bamboo0603/displaying-full-details-about-users-939491968.html
An administrator can restrict access to Bamboo plans and deployment projects by assigning users or groups to them (https://confluence.atlassian.com/bamboo/bamboo-permissions-369296034.html).
All workarounds are compatible with Bamboo 6.5 and later.
- There is no functionality that allows restricting access to profiles on a case-by-case basis. Profile access must be restricted for all users or no users, as set forth above.
There may be limitations based on your product version.
Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.
Third-party add-ons may store personal data in their own database tables or on the filesystem.
The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.