How to anonymize users from LDAP in Jira (Server and Data Center)
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When using external LDAP, such as Active Directory, users cannot be anonymized directly as they are managed externally.
Resolution
Because these users are managed externally, they must be modified in the external directory. To anonymize such a user, first move the user out of the scope of the search string that Jira uses, or delete the user in LDAP. After this change, the user is either deleted from Jira or left inactive (the latter happens when the user is a requestor, an assignee, or has left comments in issues).
In the latter scenario, with the user now inactive, the anonymization can be performed with the regular procedure.
Example
The user "myuser" was created in LDAP and synchronized with Jira, some issues were assigned to it, and we followed the above procedure to anonymize it.
- User was created and sync'ed
- Anonymization failed as expected
- After removing the user in LDAP, as it is assignee of some issues, it was left inactive
- Now the anonymization can be performed
- And the entries will no longer indicate the previous user
Anonymize user via REST API
Users can also be anonymized via the REST API after they are removed from the external LDAP. The userKey is needed as a request parameter.
The userKey can be found in the app_user table with the following query:
select * from app_user where lower_user_name like '%testuser%';
Request to validate user anonymization process
GET <BASE_URL>/rest/api/2/user/anonymization?userKey=JIRAUSER10100&expand=affectedEntities
Response
{
  "errors": {},
  "warnings": {},
  "expand": "affectedEntities",
  "userKey": "JIRAUSER10100",
  "userName": "testuser",
  "displayName": "testuser",
  "deleted": false,
  "email": "testuser@xyz.com",
  "success": true,
  "affectedEntities": {
    "ANONYMIZE": [
      {
        "type": "ANONYMIZE",
        "description": "Full name in issue history"
      },
      {
        "type": "ANONYMIZE",
        "description": "User Profile",
        "numberOfOccurrences": 1,
        "uriDisplayName": "User Profile",
        "uri": "<BASE_URL>/secure/ViewProfile.jspa?name=testuser"
      },
      {
        "type": "ANONYMIZE",
        "description": "Permission",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Person",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Issue",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Ability",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Stage",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Resource",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Team",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Saved View",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Program",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Skill",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Team",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Plan User Property",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Scenario Version",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Plan",
        "numberOfOccurrences": 0
      },
      {
        "type": "ANONYMIZE",
        "description": "Person",
        "numberOfOccurrences": 0
      }
    ],
    "TRANSFER_OWNERSHIP": [
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Permission",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Plan",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Program",
        "numberOfOccurrences": 0
      },
      {
        "type": "TRANSFER_OWNERSHIP",
        "description": "Person",
        "numberOfOccurrences": 0
      }
    ]
  },
  "operations": [
    "USER_NAME_CHANGE",
    "USER_DISABLE",
    "USER_TRANSFER_OWNERSHIP_PLUGIN_POINTS",
    "USER_NAME_CHANGE_PLUGIN_POINTS",
    "USER_ANONYMIZE_PLUGIN_POINTS",
    "USER_EXTERNAL_ID_CHANGE"
  ],
  "businessLogicValidationFailed": false
}
Request to schedule the user anonymization process. After sending it, wait some time for the process to complete:
POST <BASE_URL>/rest/api/2/user/anonymization?userKey=JIRAUSER10100&expand=affectedEntities
BODY:
{
  "userKey": "JIRAUSER10100",
  "newOwnerKey": "admin"
}
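The validation GET can be used as a gate before the scheduling POST. The following Python is an added example, not Atlassian's code: it checks a validation response for blockers, lists the entities that will be touched, and builds the POST without sending it. The function names, the trimmed sample response and the host jira.example.test are constructed for illustration, and treating any non-empty "errors" object as a blocker is an assumption.

```python
import json
from urllib.parse import urlencode

# Constructed sample: a trimmed validation response using the field names shown above.
SAMPLE_VALIDATION = json.loads("""
{
  "errors": {}, "warnings": {},
  "userKey": "JIRAUSER10100", "userName": "testuser",
  "deleted": false, "success": true,
  "affectedEntities": {
    "ANONYMIZE": [
      {"type": "ANONYMIZE", "description": "Full name in issue history"},
      {"type": "ANONYMIZE", "description": "User Profile", "numberOfOccurrences": 1},
      {"type": "ANONYMIZE", "description": "Permission", "numberOfOccurrences": 0}
    ],
    "TRANSFER_OWNERSHIP": [
      {"type": "TRANSFER_OWNERSHIP", "description": "Plan", "numberOfOccurrences": 0}
    ]
  },
  "businessLogicValidationFailed": false
}
""")

def preflight(report, expected_user_key):
    """Return (ok, blockers, touched) for a validation response (hypothetical helper)."""
    blockers = []
    if report.get("userKey") != expected_user_key:
        blockers.append("userKey mismatch")  # guard against validating the wrong account
    if report.get("errors"):  # assumption: any non-empty errors object blocks the run
        blockers.append("errors: %s" % json.dumps(report["errors"], sort_keys=True))
    if report.get("success") is not True:
        blockers.append("success is not true")
    if report.get("businessLogicValidationFailed") is not False:
        blockers.append("business logic validation failed")
    # Keep entries with a non-zero count; entries without a count are kept as None.
    touched = [(e["type"], e["description"], e.get("numberOfOccurrences"))
               for group in report.get("affectedEntities", {}).values()
               for e in group
               if e.get("numberOfOccurrences") != 0]
    return (not blockers, blockers, touched)

def build_schedule_request(base_url, user_key, new_owner_key):
    """Build (method, url, body) for the scheduling POST shown above; nothing is sent."""
    query = urlencode({"userKey": user_key, "expand": "affectedEntities"})
    url = "%s/rest/api/2/user/anonymization?%s" % (base_url.rstrip("/"), query)
    return "POST", url, json.dumps({"userKey": user_key, "newOwnerKey": new_owner_key})
```

Call build_schedule_request only when preflight returns ok, and keep the touched list with the change record for the anonymization.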
Read more:
- Create, edit, or remove a user
- LDAP user deletion effect in Jira user base
- REST API user/anonymization
Same applies to comment. Only users that left comments in issues are kept as inactive.