Anonymize database action
Following GDPR legislation, it is not allowed to have privacy related information available on non-production systems.
Anonymize database
For this reason, a generic Anonymize database action is available in System Settings > Security to scramble/purge the information for the above business objects.
The Anonymize database action is designed to anonymize data in non-production environments in one go. It is specifically designed to be used in either of the following situations:
• Shipping the database elsewhere to prevent sending potential sensitive and personal information to a third party, for example to Planon Support.
• Moving a production database to a non-production environment, where there is no need in having potential sensitive and personal information available. After anonymizing the database, default test data could be onboarded for use in test cases.
| • By clicking the generic Anonymize database, all instances of the business objects mentioned earlier, except for Accounts will be anonymized. • This functionality is available only for non-production environments. • To start generic anonymization, the general setting Stop end user access must be enabled. |
Database procedure
Instead of using the Anonymize database on a non-production environment, you can also anonymize the whole database by creating a backup of the production database and executing the following database procedure:
PLN_ANONYMIZE_ALL
What does the action do?
When using the Anonymize database action, the following actions will be carried out:
• All history is deleted.
• Fields that are part of database constraints ('check' or 'unique' constraints) are skipped and are not anonymized, the value remains as is. Examples of these are:
◦ Visitor status: has a check constraint to make sure it contains a valid status.
◦ The uniqueness constraint of fields, such as Code, within a property set for certain business objects.
• Date/Time fields get the value 1970-01-01 00:00:00.
• Number and Decimal fields are cleared when they are part of a foreign key and not mandatory.
• Number and Decimal fields are skipped when they are part of a foreign key and mandatory.
• Number and Decimal fields get the value 0 when they are not part of a foreign key.
• Text fields are cleared when they are not mandatory.
• Text fields get the value * when they are mandatory.
Accounts in database procedure
The database procedure allows the following accounts to remain usable so the database remains accesible:
• SUPERVISOR
• CLOUDADMIN
• AWMDATAENGINEADMIN
• EVENTCONNECTORADMIN
• EXCHANGEADMIN
• SCHEDULERENGINEADMIN
In addition, the accounts linked to the user group specified in the > > field will also retain access.