Crowd: Right to data portability

Introduction

Under limited circumstances, Article 20 of the GDPR allows a data subject to make a request of a data controller to transfer their personal data to another service provider. The right of the data subject to make this request under Article 20 is highly contextual and you should seek the advice of legal counsel in processing any such request. If you do require the ability to provide personal data in a format as required under Article 20, we suggest you use the content export functions available within the product to do so.

Description

Select data can be exported from Crowd via the REST API.


Version compatibility

All workarounds are compatible with Crowd 3.2 and later.


Workaround

Crowd administrators can export personal data for a user, using the /usermanagement REST API.

Retrieve user data
curl -H 'Accept: application/json' -u '<APPLICATION NAME>:<APPLICATION PASSWORD>' '<CROWD BASE URL>/rest/usermanagement/latest/user?username=<USERNAME>&expand=attributes'

Where <CROWD BASE URL> is the base url of your Crowd instance, <APPLICATION USERNAME> and <APPLICATION PASSWORD> are credentials for a Crowd application that is connected to a directory containing the user data, and USERNAME is the username of the user.

See Crowd REST API Reference for more details.


Crowd administrators can retrieve all entries in the Crowd audit log for a specific user, by using the REST API:

Get entries where the user is the author
curl '<CROWD BASE URL>/rest/admin/latest/auditlog/query' -u '<ADMIN USERNAME>:<ADMIN PASSWORD>' \
-H 'content-type: application/json' -H 'accept: application/json' \
--data-binary '{"authors":[{"id":<USER DATABASE ID>,"type":"USER"}]}'
Get entries where the user is the subject
curl '<CROWD BASE URL>/rest/admin/latest/auditlog/query' -u '<ADMIN USERNAME>:<ADMIN PASSWORD>' \
-H 'content-type: application/json' -H 'accept: application/json' \
--data-binary '{"users":[{"id":<USER DATABASE ID>}]}'

Where <CROWD BASE URL> is the base url of your Crowd instance, <ADMIN USERNAME> and <ADMIN PASSWORD> are Crowd administrator credentials, and <USER DATBASE ID> is the numeric identifier of the user in the Crowd database.

See Crowd REST API Reference for more details on querying the audit log. 


Additional notes

There may be limitations based on your product version.

Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.

Third-party add-ons may store personal data in their own database tables or on the filesystem.

The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.

If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.

Last modified on May 11, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.