Anonymizing Users

Follow

Aeon Anonymization Overview Video

At this time the functionality is only available to use via addons.

Anonymizing of users SHOULD NOT be used by any site using a common user database because the server addon cannot know the transactions in other databases.

Anonymizing Users is not reversible.

Extreme caution should be used when granting permissions.

Sites should ensure proper database backup procedures in place.

Database recovery is the only way to restore users & their associated data.

Anonymization of user data is common when sites want to break the link between users and their request history. Transactions are maintained and associated with anonymized users so that statistics and reporting is still functional.

 

Sites who are expecting Aeon to maintain data for security reviews (i.e. researchers checked in to reading rooms and which requests were checked out to them) should not use this functionality as anonymization will completely sever all ties to an individual user.
During anonymization, the following will always be modified:

Username:

The anonymized username will be a unique identifier with a prefix of "Anonymous_". E.g. Anonymous_874bf821-1cb9-426d-853e-4b5e8878dd10

Password:

The password is set to null to prevent login to the web interface.

UserImage:

All images associated with a user are purged. The UserImage column is set to null.

Cleared:

The cleared value will be Anonymous for all anonymized users.

Fields that are anonymized can be overwritten by addon developers.

The following are the default (& suggested) list of fields that should be anonymized to remove personally identifiable information:

FirstName 

LastName

Address

Address2

City

State

Zip

Country

SAddress

SAddress2

SCity

SState

SZip

SCountry

EMailAddress

Phone

Fax

ID

IDType

AltID

AltIDType

DateOfBirth

Organization

PasswordHint

Records are deleted from the following for the specific user being anonymized:

ActivityHistory

Alerts 

BillingGatewayTransactions

BillingGatewayTransactionLinks

EmailCopies

ProxyLink

ResearcherTags

UserAccountLinks

UserAttachments (& related FileInformation and Files)

UserChangeHistory

UserHistory

UserImages

UserNotes

UserValidation

WebSession

To maintain data for reports & statistics, the new anonymized username is updated in the following tables instead of deleting records:

Tracking

Transactions 

  • If the transaction has a researcher, but the transaction's user is being anonymized, the transaction is reassigned to the researcher.
  • If the transaction has a researcher who is being anonymized, the researcher is removed from the transaction, but the transaction continues to belong to the original owner.
Note that requests belonging to anonymized users are not modified other than to change the usernames associated with the request. i.e. The request is not routed to an alternate queue or considered finished because the user was anonymized.

Web changes for anonymized users

Users who are anonymized will have their password reset during the anonymization process. In addition, if other authentication methods are used, any user with a Clearance status of "Anonymous" is prevented from accessing the system and will instead be shown the page used when a user is disavowed: They are redirected to "DisavowedUsername.html" and the SLDisavowed status line will display in the <#STATUS> tag.

Staff client changes for anonymous users

A new color setting is available so that anonymous users will display differently in grids, similar to the functionality for alternate colors for blocked and disavowed users. By default, the color is DarkGray (the same default as Disavowed Users).
 
 
When viewing a user form for an anonymous user, all fields are considered read-only (by both the client and any addons that display on the user form). Changes are not permitted to be made to anonymous user records. All buttons in the ribbon are also disabled (with the exception of request specific functionality when viewing the user requests tab).
 
 
Requests belonging to anonymous users can be opened and modified if necessary, though it is suggested to keep requests for anonymized users in a finished state.

Questions?

If this article didn’t resolve your issue, please take a moment and answer a few questions to help improve our documentation:

Feedback