
[FEATURE] Don't show all possible email addresses known in Yoda instance

Open Danny-dK opened this issue 3 years ago • 8 comments

Is your feature request related to a problem? Please describe.

When adding a new user to a research-group, one can see all kinds of user email addresses available in Yoda, including personal email addresses. These addresses have not been included by the users themselves. The image below is from my test account in Yoda DGK at UU. The same is also true for Yoda@WUR, which shows a much longer list of users when you, for example, search on gmail to add a user. Users have indicated that it is undesirable to be able to see private email addresses of others. I'm not sure how this relates to the GDPR either; I can imagine the system does not require showing email addresses to the user to function correctly (and hence data limitation is not applied?).

[image]

Describe the solution you'd like

Don't show email addresses that are not within the domain of the Yoda instance. So for Yoda at UU, only show [email protected] addresses, and for WUR only show [email protected] addresses. Do not show other domain addresses to the user.

Describe alternatives you've considered

You could make it more complicated and track who has entered which user and only show that list to the individual user, but that seems more convoluted.

Additional context

I thought this only occurred in Yoda at SURF, but seems to occur at Yoda at UU as well. SURF was notified about our issue, so there may be cross communication.

Danny-dK, Nov 29 '22 08:11
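
One way to implement the domain restriction requested above, as an added example that is not Yoda's code or the maintainers' design. The domains and addresses are constructed, the function names are hypothetical, and accepting subdomains of an instance domain is an assumption.

```python
# Added example: limit user-search suggestions to the instance's own domains.
# Not Yoda code; all names, domains and addresses here are constructed.

KNOWN_USERS = [
    "j.doe@uni.example",
    "a.smith@students.uni.example",
    "john.private@gmail.example",
    "mallory@uni.example.attacker.example",
    "x@notuni.example",
    "localadmin",  # non-email account name
]

def domain_of(username):
    """Return the lowercased domain of an email-style username, or None."""
    local, sep, domain = username.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")

def in_instance_domain(username, instance_domains):
    """True only if the address is in an instance domain or a subdomain of it."""
    domain = domain_of(username)
    if domain is None:
        return False
    for allowed in instance_domains:
        allowed = allowed.lower()
        # Compare on a label boundary: a bare endswith(allowed) would also
        # accept "notuni.example" for "uni.example".
        if domain == allowed or domain.endswith("." + allowed):
            return True
    return False

def search_users(query, known_users, instance_domains):
    """Return the suggestions a group manager may see for a search term."""
    q = query.lower()
    return sorted(
        u for u in known_users
        if q in u.lower() and in_instance_domain(u, instance_domains)
    )

if __name__ == "__main__":
    # Searching on a broad term no longer lists external or private addresses.
    print(search_users("example", KNOWN_USERS, ["uni.example"]))
```

The filter only limits what is suggested; whether an external address can still be added by typing it in full is a separate design decision.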

Perhaps partially related. If in iCommands we do iadmin lu | grep john we get users that are known to the system but are not present anymore in any research folders (removed from any known research-group). Wouldn't this be in partial violation of the GDPR as well, as it retains email addresses no longer required to function (does not concur with data minimization)?

Danny-dK, Apr 13 '23 06:04

> Perhaps partially related. If in iCommands we do iadmin lu | grep john we get users that are known to the system but are not present anymore in any research folders (removed from any known research-group). Wouldn't this be in partial violation of the GDPR as well, as it retains email addresses no longer required to function (does not concur with data minimization)?

Currently this is up to the system administrator to clean up. But we are working on tooling to support this and eventually automate this. We have registered this in the internal tracker as ticket number YDA-2547 with target release v1.9.0.

lwesterhof, Apr 13 '23 07:04

Thanks! Would my initial issue also fall under that?

> Don't show email addresses that are not within the domain of the Yoda instance. So for Yoda at UU, only show [email protected] addresses, and for WUR only show [email protected] addresses. Do not show other domain addresses to the user.

Danny-dK, Apr 13 '23 08:04

Not yet, for the initial issue we are still designing a solution. With the expanded permission model of iRODS 4.3 we think we can find a solution.

lwesterhof, Apr 13 '23 09:04

> Currently this is up to the system administrator to clean up.

What is the best way of going about this? Are there specific iCommands to clean this up? Or is this something that SURF should do for Yoda@WUR?

Danny-dK, Aug 22 '23 07:08

We have created a script to list all users that are not a member of any existing groups: https://utrechtuniversity.github.io/yoda/administration/deprovision-users.html

I think it is possible to use this if you have rodsadmin access.

lwesterhof, Aug 22 '23 08:08

I'm probably blind and / or dumb, but where is that deprovision-users.r script?

Danny-dK, Aug 22 '23 12:08

You can find it here: https://github.com/UtrechtUniversity/yoda-ruleset/blob/development/tools/deprovision-users.r

It is not deployed by default on v1.8.x (but should work), but it will be on v1.9.

lwesterhof, Aug 22 '23 12:08