Configuration
Configuration is done in Lime Admin. Most of the configuration is validated, and error messages will show what has to be fixed.
Only supported property types will be selectable. The unsupported property types are: xml, hasone, hasmany, hasandbelongstomany, user, file. Note that date type properties cannot be edited in the portal and that they will be set to their default value when anonymized.
It's important to understand the configuration since the customer would probably want to customize what data should be published in the portal/Excel/JSON.
Nomenclature and hierarchy
Each configuration always has a base limetype, in most cases person. The base limetype has related limetypes (such as history notes). Consent is handled by relations to consent limetypes.
BASE LIMETYPE | RELATED LIMETYPE(S) | CONSENT RELATION(S) |
---|---|---|
person | history, document, participant, deal | consent |
company | history, document, deal | consent |
member | course, activity | consent |
As seen above, it's possible to configure several base limetypes. For example, it's not uncommon that small businesses in the company table contain GDPR sensitive data.
Limetypes
```
"limetypes": [
  {
    "name": "", // NAME OF BASE LIMETYPE
    "client_permissions": {}, // CLIENT PERMISSIONS
    "token_permissions": {}, // TOKEN PERMISSIONS
    ..
    BASE LIMETYPE SETTINGS
    ..
    "related_limetypes": [ // RELATED LIMETYPES
      {
        "name": "" // RELATED LIMETYPE NAME
        ..
        RELATED LIMETYPE SETTINGS
        ..
      }
    ],
    "consent_relations": [ // CONSENT RELATIONS
      {
        "name": "" // NAME OF THE RELATION PROPERTY TO CONSENT ON THE BASE LIMETYPE
        ..
        CONSENT RELATION SETTINGS
        ..
      }
    ]
  }
],
"impersonate": "",
"translation_overrides": []
```
Base limetype configuration
Here's an example configuration (excluding `related_limetypes`, `consent_relations` and `translation_overrides`). This is for reference only and should not be copy/pasted into Lime Admin.
```json
{
  "name": "person",
  "token_permissions": {
    "anonymize": false,
    "anonymize_request": true,
    "create_consent": true,
    "delete_consent": true,
    "read_consent_note": true,
    "delete": false,
    "excel_export": true,
    "json_export": false,
    "update": false
  },
  "propertyAnonymizeddate": "anonymizeddate",
  "propertyExpireddate": "expireddate",
  "expiredays": 30,
  "tokenhours": 1,
  "invisible": false,
  "disable_save": false,
  "portal_base_url": null,
  "client_permissions": {
    "anonymize": [
      "Administrators"
    ],
    "createAnonymizeRequest": [
      "Administrators",
      "Users"
    ],
    "deleteAnonymizeRequest": [
      "Administrators",
      "Users"
    ],
    "downloadExcel": [
      "Administrators",
      "Users"
    ],
    "downloadJson": [
      "Administrators",
      "Users"
    ],
    "token": [
      "Administrators"
    ]
  },
  "properties": [
    {
      "anonymize": true,
      "replacewith": "PersonX",
      "searchfor": true,
      "name": "firstname",
      "email": false,
      "invisible": false,
      "readonly": false
    },
    {
      "anonymize": true,
      "replacewith": "X-SON",
      "searchfor": true,
      "name": "lastname",
      "email": false,
      "invisible": false,
      "readonly": false
    },
    {
      "anonymize": true,
      "replacewith": "ANONYMIZED",
      "searchfor": true,
      "name": "phone",
      "email": false,
      "invisible": false,
      "readonly": false
    },
    {
      "anonymize": true,
      "replacewith": "ANONYMIZED",
      "searchfor": true,
      "name": "mobilephone",
      "email": false,
      "invisible": false,
      "readonly": false
    },
    {
      "anonymize": true,
      "replacewith": "ANONYMIZED",
      "searchfor": true,
      "name": "email",
      "email": false,
      "invisible": false,
      "readonly": false
    },
    {
      "anonymize": true,
      "searchfor": false,
      "name": "company",
      "replacewith": "unlink",
      "email": false,
      "invisible": false,
      "readonly": false
    }
  ],
  "related_limetypes": [],
  "consent_relations": []
}
```
Parameter | Value |
---|---|
name | Name of the base Limetype. |
token_permissions | Enables and disables functionality for endpoints that use tokens for authorization. In short, what you can do in the portal! |
anonymizeddate | Name of the date property on the base Limetype. |
expiredays | Number of days to add to today and write to the expireddate property when getting an anonymize request. |
tokenhours | Number of hours a token is valid. Decimal values are valid. |
invisible | Makes the Limetype and all its properties and sub objects invisible in the portal and Excel files for token authenticated users. They will however be anonymized. |
disable_save | Disables saving - nothing is changed in the database. Useful when configuring the portal. |
portal_base_url | Overrides the automatically generated url to the portal. Useful when a reverse proxy is used. Appends ?app=APPNAME&token=TOKEN to the end. |
client_permissions | Enables functionality depending on the current user's group. Same format as for the Lime Bootstrap app config. |
properties | Properties configured for GDPR on the base limetype. See Properties on base limetype section below. |
related_limetypes | Limetypes related to the base limetype. See Related limetype configuration section below. |
consent_relations | Properties that are relations to consent. See Consent relation configuration section below. |
Properties on base limetype
Each property added has a couple of attributes that have to be set.
3.x and newer
- All attributes on properties must be explicitly set. For example, there is no longer a "global" `replacewith` on the base limetype level to fall back to as in previous versions.
- `anonymize` is a new attribute. If set to `false`, the property will not be anonymized and `replacewith` will not be used. Previously all properties that were added were anonymized. This means that it's now possible to have data in the portal and Excel files without it being anonymized.
- Attributes `custom` and `properties` were removed.
- Attribute `fieldorder` was removed. The portal and Excel export now use the order of the properties in the config.
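The rules this page states for a base limetype (every property attribute explicitly set, `email` on one property only, `disable_save` meant for configuration work, token permissions and token lifetime) can be checked before a configuration goes live. The following Python check is an added example, not part of the add-on or of Lime Admin's own validation; `audit_limetype`, the `max_token_hours` threshold and the sample config with its `altemail` property are assumptions made for illustration.

```python
import json

# Attributes that 3.x requires on every base limetype property (per this page).
REQUIRED = ("name", "anonymize", "replacewith", "searchfor", "invisible", "readonly", "email")

def audit_limetype(cfg, max_token_hours=24):
    """Review findings for one "limetypes" entry (added example, not Lime's validator)."""
    # max_token_hours is a hypothetical review threshold, not a Lime default.
    findings = []
    props = cfg.get("properties", [])
    for p in props:
        name = p.get("name", "<unnamed>")
        missing = [k for k in REQUIRED if k not in p]
        if missing:
            findings.append(f"{name}: not explicitly set: {', '.join(missing)}")
        if p.get("anonymize") is False:
            findings.append(f"{name}: anonymize is false, value is kept on anonymization")
    with_email = [p.get("name", "<unnamed>") for p in props if p.get("email") is True]
    if len(with_email) > 1:
        findings.append(f"email is true on several properties: {', '.join(with_email)}")
    if cfg.get("disable_save"):
        findings.append("disable_save is true, nothing is changed in the database")
    if (cfg.get("tokenhours") or 0) > max_token_hours:
        findings.append(f"tokenhours {cfg['tokenhours']} exceeds {max_token_hours}")
    enabled = [k for k in ("anonymize", "delete", "update")
               if (cfg.get("token_permissions") or {}).get(k)]
    if enabled:
        findings.append(f"token (portal) users may: {', '.join(enabled)}")
    return findings

# Constructed sample, deliberately misconfigured; "altemail" is a hypothetical property.
SAMPLE = json.loads("""
{
  "name": "person", "tokenhours": 72, "disable_save": true,
  "token_permissions": {"anonymize": false, "delete": true, "update": false},
  "properties": [
    {"name": "firstname", "anonymize": true, "replacewith": "PersonX", "searchfor": true,
     "invisible": false, "readonly": false, "email": false},
    {"name": "email", "anonymize": true, "replacewith": "ANONYMIZED", "searchfor": true,
     "invisible": false, "readonly": false, "email": true},
    {"name": "altemail", "anonymize": false, "searchfor": false,
     "invisible": false, "readonly": false, "email": true}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_limetype(SAMPLE):
        print("-", finding)
```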
name
The name of the property
```json
"name": "phone"
```
anonymize
Set to true means this property will be anonymized. Used in combination with replacewith.
```json
"anonymize": true
```
replacewith
The value used when the property is anonymized. Replacewith does not support date properties.
```json
"replacewith": VALUE DEPENDING ON PROPERTY TYPE
```
searchfor
Set to true means the value of this property will be searched for in all properties configured on related and consent objects and replaced during anonymization. Works with text, email and phone type properties.
```json
"searchfor": true
```
invisible
Makes the property invisible in the portal and Excel files for token authenticated users. It will however be available for anonymization.
```json
"invisible": true
```
readonly
Set to true makes the property readonly in the portal. It's still available for anonymization.
```json
"readonly": true
```
email
Set to true means this is the email address that will be used for emailing the portal link to. Should only exist on one property.
```json
"email": true
```
Related limetype configuration
```json
{
  "name": "history",
  "relation": "person",
  "invisible": false,
  "properties": [
    {
      "name": "note",
      "invisible": false
    },
    {
      "name": "date",
      "invisible": false
    }
  ]
}
```
Parameter | Value |
---|---|
name | Name of the related limetype |
relation | Name of the property on the related limetype that relates to the base limetype |
invisible | Makes the limetype and all its objects invisible in the portal and Excel files for token authenticated users. It will however be available for anonymization. |
properties | Properties configured for GDPR on the related limetype. See Properties on related limetype section below. |
3.x and newer
- Attribute `backreference` was removed.
Properties on related limetype
Properties on related limeobjects can only be displayed and not anonymized in the same way as properties on the base limetype can. However, if a property on a base limetype has `searchfor` set to true, the properties configured on the related limetypes will be searched. Found values will be replaced with the value of `replacewith` from the property on the base limetype. The purpose is for example to be able to "censor" a person's names from history notes.
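How `searchfor` censoring reaches related objects, modelled in Python as an added example (not Lime's implementation). It assumes exact, case-sensitive substring matching and that only properties with both `anonymize` and `searchfor` set to true take part; the person, history notes and phone numbers are constructed.

```python
def anonymize(base_obj, base_props, related_objs, related_props):
    """Model of the page's description; returns (base, related) copies."""
    # Remember original value -> replacewith before the base object is overwritten.
    # Assumption: only properties with anonymize AND searchfor take part.
    censor = {}
    for p in base_props:
        value = base_obj.get(p["name"])
        if p["anonymize"] and p["searchfor"] and isinstance(value, str) and value:
            censor[value] = p["replacewith"]

    new_base = dict(base_obj)
    for p in base_props:
        if p["anonymize"]:
            new_base[p["name"]] = p["replacewith"]

    new_related = []
    for obj in related_objs:
        obj = dict(obj)
        for rp in related_props:  # only configured properties are searched
            text = obj.get(rp["name"])
            if isinstance(text, str):
                # Assumption: exact substring match, longest value first.
                for value in sorted(censor, key=len, reverse=True):
                    text = text.replace(value, censor[value])
                obj[rp["name"]] = text
        new_related.append(obj)
    return new_base, new_related

# Constructed sample data (fictional person and numbers).
PROPS = [
    {"name": "firstname", "anonymize": True, "replacewith": "PersonX", "searchfor": True},
    {"name": "lastname", "anonymize": True, "replacewith": "X-SON", "searchfor": True},
    {"name": "phone", "anonymize": True, "replacewith": "ANONYMIZED", "searchfor": True},
    {"name": "position", "anonymize": False, "replacewith": "", "searchfor": False},
]
RELATED_PROPS = [{"name": "note", "invisible": False}, {"name": "date", "invisible": False}]
PERSON = {"firstname": "Anna", "lastname": "Berg", "phone": "+46700000001", "position": "CFO"}
HISTORY = [
    {"note": "Called Anna Berg on +46700000001 about renewal.", "date": "2024-03-01"},
    {"note": "A. Berg asked us to use 0700-000 001 instead.", "date": "2024-03-02"},
]

if __name__ == "__main__":
    base, related = anonymize(PERSON, PROPS, HISTORY, RELATED_PROPS)
    print(base)
    for obj in related:
        print(obj["note"])
```

In the second note the initial and the differently formatted phone number are not stored values, so under these assumptions they survive; free-text fields still need a manual review after anonymization.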
name
The name of the property
```json
"name": "note"
```
invisible
Makes the property invisible in the portal and Excel files for token authenticated users.
```json
"invisible": true
```
Consent relation configuration
```json
{
  "name": "consent",
  "defaultsourcetoken": "gdprportal",
  "invisible": false
}
```
Parameter | Value |
---|---|
name | Name of the relation property on the base limetype |
defaultsourcetoken | Key of the source option to be used as default when authenticating with token |
invisible | Makes all consent on this relation invisible in the portal |
Changes from 0.x
Previously, consent was a part of GDPR but is now its own add-on. This means that all config in terms of property mapping etc is done in the consent add-on.
Impersonate user
The name of the impersonate user created during the install is required for the portal to work.
```json
"impersonate": "limegdprportal"
```
Translation overrides
It's possible to override the translations that are displayed in the portal. Here's an example of how to override the portal title:
```json
"translation_overrides": [
  {
    "languages": [
      {
        "lang": "sv",
        "msgstr": "GDPR"
      },
      {
        "lang": "en",
        "msgstr": "GDPR"
      },
      {
        "lang": "da",
        "msgstr": "GDPR"
      },
      {
        "lang": "no",
        "msgstr": "GDPR"
      },
      {
        "lang": "fi",
        "msgstr": "GDPR"
      }
    ],
    "msgid": "portal_title"
  }
]
```
Available msgids can be found in the translation endpoint: https://THE_LIMESERVER/APP_NAME/gdpr/translation/
Translations in Localize
Since version 1.x of GDPR, all translations (except the ones for creating an Outlook email in the desktop client) are installed in standard PO-files.
Web component
Add the GDPR web component to the person object card. In Lime Admin, go to Views➡Person➡Card➡Web components and add `lwc-limepkg-gdpr-gdpr`. Repeat/edit if you have other base limetypes than person configured.
Upgrading from 1.x