[Bug 21191] New: GDPR: Script to block inactive users (with no successful logins on a defined period)
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Bug ID: 21191 Summary: GDPR: Script to block inactive users (with no successful logins on a defined period) Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: vfernandes@keep.pt QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Under the auspices of the recently issued European legislation regarding data privacy (GDPR), the Portuguese government has issued a series of mandatory requirements, as well as general recommendations, for software applications that are implemented under the umbrella of public bodies (RCM 41/2018). Since Koha is mostly used by municipalities and universities in Portugal, some of these mandatory requirements need to be address by Koha implementers in Portugal. We believe that this requirement is also useful for the community at large. Here’s a description of the requirement. *** Requirement description *** The application MUST record the time of a user last logged in. It should have a method to inactivate users that haven’t logged into the application for over X number of months (new setting). *** Scope *** Applies to implementations where user authentication is handled by Koha. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Vitor Fernandes <vfernandes@keep.pt> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |21190 Priority|P5 - low |P2 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 [Bug 21190] GDPR: Log successful/unsuccessful login attempts -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Magnus Enger <magnus@libriotech.no> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |magnus@libriotech.no --- Comment #1 from Magnus Enger <magnus@libriotech.no> --- What do you mean by "inactivate users"? I am no expert on GDPR, but from what I have seen, I would expect the requirement to be that patrons who have not been active for a given period of time should be deleted completely, also from the deletedborrowers table? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Joonas Kylmälä <joonas.kylmala@helsinki.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joonas.kylmala@helsinki.fi --- Comment #2 from Joonas Kylmälä <joonas.kylmala@helsinki.fi> --- The last logon time is recorded in Koha if one enables it in preferences (TrackLastPatronActivity). It's also possible to delete patron information based on the last logon time with delete_patrons.pl cronjob. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 --- Comment #3 from Vitor Fernandes <vfernandes@keep.pt> --- The legislation says that the users should be blocked (debarred) after some months of inactivity. Few months later they can be removed/deleted if they are still inactive. TrackLastPatronActivity should be enough to create a script to block all inactive users. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #4 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Hi Vitor, for documentation purposes, could you add a link to a source here? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 --- Comment #5 from Vitor Fernandes <vfernandes@keep.pt> --- The official document can be found in this link: https://dre.pt/application/conteudo/114937034 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=21336 CC| |m.de.rooy@rijksmuseum.nl --- Comment #6 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Adding a see also to bug 21336 (processing unsubscribes). There is a considerable overlap with this report. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 --- Comment #7 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Bug 21336 adds a Patrons method lock (wrapper for Koha Patron lock). So you only need to add a simple search. Something like: Koha::Patrons->search({ login_attempts => { '>=', pref_value }, lastseen => { '<', some_date }) -> lock; Lock adds the option expire => 1 setting the expire date. Effectively disallowing holds, issues, etc. And the option remove => 1 for removing holds and article requests. So most work done already.. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |21336 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21336 [Bug 21336] GDPR: Process unsubscribe requests automatically -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Bug 21191 depends on bug 21336, which changed state. Bug 21336 Summary: GDPR: Handle unsubscribe requests automatically by optional (administrative) lock, anonymize and remove https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21336 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|21190 | See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=21190 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1] -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org