Introduction
This wiki explains the design of the delete user account feature. At present Sunbird has no hard-delete flow for a user profile; the only available controls are BLOCK/UNBLOCK of users.
Background & Problem Statement
Sunbird ships a mobile app for Android and iOS. Recent policy updates of the Apple App Store and the Google Play Store mandate that an app which offers sign-up from within the app must also offer account deletion from within the app. The specific policy requirements can be found at the following links:
Apple App Store Policy - https://developer.apple.com/app-store/review/guidelines/#data-collection-and-storage
Apple App Store Policy - https://developer.apple.com/support/offering-account-deletion-in-your-app
Google Play Store Policy - https://support.google.com/googleplay/android-developer/answer/13327111?hl=en
Registered users must have access to a "Delete Account" option on both the app and the portal, so that they can initiate the account deletion process themselves.
Key Design Problems
After a successful account deletion, the following must hold:
The user must not be able to log in with the existing login credentials.
No Personally Identifiable Information (PII) of the user, such as name, email and phone number, may remain in any DB in any format (not even in encrypted form).
Data other than PII must not be deleted: user transactional data and user-created content (usage, ratings etc.) are retained.
Certificates issued to the deleted user must no longer be accessible, but must remain verifiable (only the user's name is stored in Sunbird RC, to display on the certificate).
The external id of an SSO user must be removed.
Deleted users must be listed on the admin dashboard.
The deleted user's assets must be transferred to another user after the deletion succeeds.
Ownership transfer job request event:

```json
{
  "eid": "BE_JOB_REQUEST",
  "ets": 1619527882745,
  "mid": "LP.1619527882745.32dc378a-430f-49f6-83b5-bd73b767ad36",
  "actor": {
    "id": "ownership-transfer",
    "type": "System"
  },
  "context": {
    "channel": "01309282781705830427",
    "pdata": {
      "id": "org.sunbird.platform",
      "ver": "1.0"
    },
    "env": "dev"
  },
  "object": {
    "id": "do_11329603741667328018",
    "type": "OwnershipTransfer"
  },
  "edata": {
    "organisationId": "{{organisationId}}",
    "fromUserId": "{{FROM_UUID}}",
    "toUserId": "{{TO_UUID}}",
    "asset": [],
    "action": "ownership-transfer",
    "iteration": 1
  }
}
```
Processing steps:
Update the status to PROCESSING in the sunbird.user_ownership_transfer table.
Asset: fetch the list of content/course/batch created by fromUserId using the composite search API, then update createdBy and creator using the content system update API.
Batch: fetch the list of open and ongoing batches created by fromUserId from the sunbird_courses.course_batch table and update the createdby column in sunbird_courses.course_batch for open and ongoing batches only. If the user is added as a course mentor to any batch, use the search API to find those batches and remove the userId from the mentors column in sunbird_courses.course_batch.
Groups: transfer the ownership to another group admin if one is available; otherwise first assign the admin role to a member and then transfer the ownership.
Update the status to COMPLETED.
Ownership Transfer Table

```sql
CREATE TABLE sunbird.user_ownership_transfer(
  organisationId text,
  userId text,
  username text,
  roles list<text>,
  toUserId text,
  toUsername text,
  status int,
  createdDate text,
  createdBy text,
  updatedDate text,
  updatedBy text,
  summary text,
  PRIMARY KEY (organisationId, userId)
);
```
status
0 - SUBMITTED
1 - PROCESSING
2 - COMPLETED
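The following is an added worked example of the job described above, written for this page and not taken from Sunbird's code base. It consumes a BE_JOB_REQUEST event of the shape shown, walks the SUBMITTED -> PROCESSING -> COMPLETED status transitions of sunbird.user_ownership_transfer, and applies the asset, batch and group rules, including the group edge case where no other admin exists. Cassandra, the composite search API and the content system update API are replaced by an in-memory Store; the course_batch status values, the requirement that the new owner be an active user of the same organisation, and all ids in the sample data are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Status codes of sunbird.user_ownership_transfer (from the table on this page).
SUBMITTED, PROCESSING, COMPLETED = 0, 1, 2
# Assumed course_batch status values: 0 = open (not started), 1 = ongoing, 2 = completed.
OPEN_OR_ONGOING = {0, 1}


@dataclass
class Store:
    # In-memory stand-in for Cassandra and the search/update APIs; all rows are sample data.
    transfers: dict = field(default_factory=dict)  # (organisationId, userId) -> row
    content: dict = field(default_factory=dict)    # contentId -> {createdBy, creator}
    batches: dict = field(default_factory=dict)    # batchId -> {createdby, status, mentors}
    groups: dict = field(default_factory=dict)     # groupId -> {userId: "admin" | "member"}
    users: dict = field(default_factory=dict)      # userId -> {organisationId, status}


def validate_event(event, store):
    """Refuse anything that is not a well-formed, safe transfer request."""
    edata = event.get("edata", {})
    if event.get("eid") != "BE_JOB_REQUEST" or edata.get("action") != "ownership-transfer":
        raise ValueError("not an ownership-transfer job request")
    org, src, dst = (edata.get(k) for k in ("organisationId", "fromUserId", "toUserId"))
    if not (org and src and dst):
        raise ValueError("organisationId, fromUserId and toUserId are required")
    if src == dst:
        raise ValueError("fromUserId and toUserId must differ")
    target = store.users.get(dst)
    # Assumed policy: the new owner must be an active user of the same organisation,
    # so nothing is handed to a deleted, blocked or foreign-organisation account.
    if not target or target["status"] != "active" or target["organisationId"] != org:
        raise ValueError("toUserId is not an active user of the organisation")
    return org, src, dst


def transfer_ownership(event, store):
    org, src, dst = validate_event(event, store)
    row = store.transfers.get((org, src))
    if row is None:
        raise ValueError("no user_ownership_transfer row for this request")
    if row["status"] == COMPLETED:
        return {"skipped": True}  # redelivered event: already done, do not repeat
    row["status"] = PROCESSING
    summary = {"content": 0, "batches": 0, "mentors": 0, "groups": 0, "promoted": []}

    # Asset: re-attribute everything the deleted user created.
    for item in store.content.values():
        if item["createdBy"] == src:
            item["createdBy"] = item["creator"] = dst
            summary["content"] += 1

    # Batch: createdby changes only for open and ongoing batches; the user is
    # removed from the mentors list of every batch that names them.
    for batch in store.batches.values():
        if batch["createdby"] == src and batch["status"] in OPEN_OR_ONGOING:
            batch["createdby"] = dst
            summary["batches"] += 1
        if src in batch["mentors"]:
            batch["mentors"].remove(src)
            summary["mentors"] += 1

    # Groups: hand over to another admin, or promote a member first so the
    # group is never left without an admin.
    for gid, members in store.groups.items():
        if members.get(src) != "admin":
            continue
        others = [u for u in members if u != src]
        if others and not any(members[u] == "admin" for u in others):
            members[others[0]] = "admin"
            summary["promoted"].append((gid, others[0]))
        del members[src]
        summary["groups"] += 1

    row.update(status=COMPLETED, toUserId=dst, summary=str(summary))
    return summary


# Event shape from this page; organisation and user ids are constructed.
SAMPLE_EVENT = {
    "eid": "BE_JOB_REQUEST", "ets": 1619527882745,
    "mid": "LP.1619527882745.32dc378a-430f-49f6-83b5-bd73b767ad36",
    "actor": {"id": "ownership-transfer", "type": "System"},
    "context": {"channel": "01309282781705830427",
                "pdata": {"id": "org.sunbird.platform", "ver": "1.0"}, "env": "dev"},
    "object": {"id": "do_11329603741667328018", "type": "OwnershipTransfer"},
    "edata": {"organisationId": "org-1", "fromUserId": "user-a", "toUserId": "user-b",
              "asset": [], "action": "ownership-transfer", "iteration": 1},
}


def build_sample_store():
    s = Store()
    s.users = {"user-a": {"organisationId": "org-1", "status": "deleted"},
               "user-b": {"organisationId": "org-1", "status": "active"},
               "user-c": {"organisationId": "org-1", "status": "active"}}
    s.transfers[("org-1", "user-a")] = {"status": SUBMITTED, "toUserId": "user-b", "summary": ""}
    s.content = {"do_1": {"createdBy": "user-a", "creator": "user-a"},
                 "do_2": {"createdBy": "user-c", "creator": "user-c"}}
    s.batches = {"b1": {"createdby": "user-a", "status": 1, "mentors": ["user-a", "user-c"]},
                 "b2": {"createdby": "user-a", "status": 2, "mentors": []},  # completed: untouched
                 "b3": {"createdby": "user-c", "status": 0, "mentors": ["user-a"]}}
    s.groups = {"g1": {"user-a": "admin", "user-c": "admin"},   # another admin exists
                "g2": {"user-a": "admin", "user-c": "member"}}  # member gets promoted
    return s


def run_sample():
    store = build_sample_store()
    return store, transfer_ownership(SAMPLE_EVENT, store)
```

Two points worth carrying into the real job: the validation rejects a transfer to the deleted user itself or to an account that is not active in the organisation, which closes the obvious abuse of the edata fields, and the COMPLETED check makes a redelivered Kafka event a no-op instead of re-running the updates.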
Manage Learn
As part of the Manage Learn use case, the user's PII data is captured and/or used in the following workflows:
A complete snapshot of the user's profile, including the name (first and last name) as well as the masked email and phone, is captured in several MongoDB collections (observations, projects, survey and programUsers) at the start of any transaction, i.e. the moment a user starts working on a survey or project or decides to join a program. This gives the Program Manager the user's details as they were when the user started working on the resource, unaffected by later profile changes; the user's name, location, role and sub-roles that are later used for certificate generation through Sunbird RC are therefore the same as when the resource was started.
When the Program Manager requests reports through the Program Dashboard about every user who has worked on a resource or has joined the program, the user's email and phone along with the name are provided in a CSV by the Lern Data Product. These details are fetched in real time from the common, shared Redis and Cassandra storage at the moment the on-demand report is generated. No change is required here, since the expectation is that the user's name, email and phone will be deleted from the common storage and replaced with the "Deleted User" string; this only needs to be tested once to confirm that the report entry is retained and only the PII data is removed.
Note - The Manage Learn workflow does not write user data to any other place (logs, Druid, ES or Neo4j).
As part of the user delete flow, the following changes are planned on the Manage Learn side:
Build a Kafka consumer in each micro-service (Survey, Projects and ML Core) that listens for Kafka events on the topic - TBD Point 4 and does the following:
Check whether any transactions are recorded for this user and, if so, remove all user name, email and phone entries based on the userId from all collections, i.e. projects, surveySubmissions, observations, observationSubmissions and programUsers in MongoDB.
Update the status via API in the sunbird.user_deletion_status table. Refer - TBD Point 2
Build a Kafka consumer in each micro-service (Survey, Projects and ML Core) that listens for Kafka events on the topic {{envName}}.tranfer.ownership.job.request and does the following:
Check whether any assets are owned by the deleted user and whether the new owner has the required platform roles (i.e. Program Manager or Program Designer); if so, update the owner/author in the programs and solutions collections of MongoDB.
Update the status via API in the sunbird.user_ownership_transfer table. Refer - TBD Point 3
TBD
Cron Job: run at a specific interval to do a sanity check of the deletion.
API for other services to insert/update data in the sunbird.user_deletion_status table.
API for other services to insert/update data in the sunbird.user_ownership_transfer table.
Kafka topic and event structure to notify BBs and services about user deletion activity.
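The following is an added worked example, written for this page and not Manage Learn's own code, covering two items above: the per-service deletion consumer that strips name, email and phone from the profile snapshots in the MongoDB collections while leaving the rest of each document intact, and the sanity check the planned cron job would run to confirm that no known PII string survives anywhere in those collections. MongoDB is modelled as a dict of collection name to list of documents; the snapshot field names (firstName, lastName, email, phone under userProfile) and all sample documents are assumptions made for the example.

```python
import copy

# MongoDB collections that hold a user profile snapshot (listed on this page).
COLLECTIONS = ("projects", "surveySubmissions", "observations",
               "observationSubmissions", "programUsers")
# Assumed keys of the snapshot; Manage Learn's real field names may differ.
PII_FIELDS = ("firstName", "lastName", "email", "phone")
PLACEHOLDER = "Deleted User"   # replacement string named on this page


def scrub_document(doc, user_id):
    """Overwrite the PII in the user's profile snapshot and keep everything
    else (location, role, status, answers) intact. Returns True if the
    document changed, so a redelivered deletion event is a no-op."""
    if doc.get("userId") != user_id:
        return False
    profile = doc.get("userProfile", {})
    changed = False
    for key in PII_FIELDS:
        if key in profile and profile[key] != PLACEHOLDER:
            profile[key] = PLACEHOLDER
            changed = True
    return changed


def scrub_user(db, user_id):
    """What each service's Kafka consumer does on a deletion event:
    returns how many documents were changed per collection."""
    return {name: sum(scrub_document(d, user_id) for d in db.get(name, []))
            for name in COLLECTIONS}


def find_residual_pii(db, pii_values):
    """The sanity check the planned cron job would run: walk every value in
    every document and report where a known PII string still occurs
    (case-insensitive substring match). Masked email/phone values do not
    match their full form, which is why scrub_document overwrites those
    fields unconditionally rather than relying on this check."""
    hits = []

    def walk(value, path, coll, doc_id):
        if isinstance(value, dict):
            for k, v in value.items():
                walk(v, f"{path}.{k}" if path else k, coll, doc_id)
        elif isinstance(value, list):
            for i, v in enumerate(value):
                walk(v, f"{path}[{i}]", coll, doc_id)
        elif isinstance(value, str) and any(p.lower() in value.lower() for p in pii_values):
            hits.append((coll, doc_id, path))

    for coll, docs in db.items():
        for doc in docs:
            walk(doc, "", coll, doc.get("_id"))
    return hits


def build_sample_db():
    """Constructed sample data, not taken from any real deployment."""
    snap = {"firstName": "Asha", "lastName": "Rao", "email": "as***@example.org",
            "phone": "98*****210", "state": "Karnataka", "role": "HM"}
    other = {"firstName": "Ravi", "lastName": "Nair", "email": "ra***@example.org",
             "phone": "91*****004", "state": "Kerala", "role": "TEACHER"}
    return {
        "projects": [
            {"_id": "p1", "userId": "u-1", "status": "submitted", "userProfile": copy.deepcopy(snap)},
            {"_id": "p2", "userId": "u-2", "status": "started", "userProfile": other},
        ],
        "observationSubmissions": [
            {"_id": "o1", "userId": "u-1", "status": "completed",
             "userProfile": copy.deepcopy(snap), "answers": {"q1": "yes"}},
        ],
        "programUsers": [
            {"_id": "pu1", "userId": "u-1", "programId": "prog-1", "userProfile": copy.deepcopy(snap)},
        ],
    }


def run_sample():
    db = build_sample_db()
    before = find_residual_pii(db, ["Asha", "Rao"])
    counts = scrub_user(db, "u-1")
    after = find_residual_pii(db, ["Asha", "Rao"])
    return db, counts, before, after
```

The scan in find_residual_pii is deliberately schema-agnostic: it does not trust the list of known PII fields, which is the point of a sanity check, since a snapshot copied into a field nobody documented is exactly what such a check is meant to catch.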
Checklist:
Check with Cokreat regarding user PII information stored as part of a program - no PII data is stored as part of a program.
Check in all the services where user PII data is logged.
Check the discussion forum for PII data.