Right to Restriction of Processing - rtr.exe
Name
rtr - YSoft SafeQ 6 GDPR Right to Restriction CLI
Synopsis
rta [-u login] [-n] [-R] [-r numRetries] [-V] [-l logFileName] [--log-file-trace logFileName] [--log-file-debug logFileName] [--log-file-info logFileName] [--log-file-warning logFileName] [--log-file-error logFileName] [--log-file-critical logFileName] [--version]
Description
YSoft SafeQ 6 - GDPR Right to Restriction of Processing CLI. An Administrator can restrict further processing of a Data Subject in YSoft SafeQ by replacing the user's login and personal data with a pseudonym. Note that doing so will prevent the user from continuing to use the solution, and should only be used if the user is not expected to interact with YSoft SafeQ while their data is restricted.
A separate database must be created and properly configured so that the application can store mapping tables between the Pseudonym and the actual Data Subject. The restricted database can be either PGSQL or MSSQL, A companion configuration file, rtr-db.conf, must be modified by the database administrator with the proper connection information. The password can be encoded using the widget on the Management server's dashboard. The first time the application is run with a successful connection to the restricted database, the user will be asked to create the schema. Consult with your company's legal team on ensuring the database is isolated and properly protected from processing by unauthorized third parties.
Tables impacted include:
Print Jobs: Job titles, file names, and origins will be changed to RESTRICTED. Favorited jobs will be un-favorited.
Cards: Cards and PINs associated with the Data Subject will be removed.
Aliases: Any aliases will be removed.
Terminal Accesses: Any records of accessing terminals will be removed.
Data Warehouse: References to the Data Subject in the Data Warehouse and the DataMart will be changed to RESTRICTED
User: Name, surname, home directory, email, password (if relevant), extended ID, and notes will set to RESTRICTED or cleared out. The login will be changed to a pseudonym.
Mobile Terminal Tokens and Codes will be completely removed. Users will need to be issued new tokens or codes.
The Data Subject's user login is pseudonymized, and still unique. All pseudonymized users will have a login of "restricted_" followed by a large random number. Due to the uniqueness of each customer environment and identity management systems, it may still be possible to identify a Data Subject using knowledge aggregated from systems outside of YSoft SafeQ. As an example, a user may be the only member of a Cost Center, or may have been known to be the only person to print at a specific time.
Records in log files on YSoft SafeQ servers will not be pseudonymized. However, the logs will be rotated out and the user will eventually have their data removed. Any previously exported reports will also not be pseudonymized.
Options
-u, --user <login> User to remove from the system
-n, --no-prompt Do not prompt for confirmation
-o, --outputDir <directory> Output directory for the report to be delivered to
-R Lift the restirction of processing on the user
-r, --random-retries <Number> The number of times to generate a random number until failure. Default 1000.
-V, -VV, -VVV Increase logging level to (-V) INFO, (-VV) DEBUG, or (-VVV) TRACE.
-l, --log <logFileName> Specify the log file where output will be sent
--log-file-trace <logFileName> Specify the log file where trace level logging will be sent
--log-file-debug <logFileName> Specify the log file where debug level logging will be sent
--log-file-info <logFileName> Specify the log file where info level logging will be sent
--log-file-warning <logFileName> Specify the log file where warning level logging will be sent
--log-file-error <logFileName> Specify the log file where error level logging will be sent
--log-file-critical <logFileName> Specify the log file where critical level logging will be sent
--version Print version and exit