Installation Instructions

Preparations

• Check that the requirements are met.

Installation

1. Python package
2. LIP package
3. Actionpad app
4. Filters
5. Create an impersonation Lime user
6. Configure the consent add-on
7. Configure the GDPR add-on
8. Configure the web component
9. Public Internet Access On-premise

Python package

1. Copy and run the below poetry command to add the python dependency to the solution.

       poetry add limepkg-gdpr
   

   A Restart of the Lime CRM server is required afterwards.

2. Build and deploy your solution.

LIP package

Run the included LIP package to add date fields for expireddate and anonymizeddate on the person table and the VBA modules. If you're using another table than person, add the fields manually to that table.

Actionpad app

One actionpad app is included and could be used both at the index actionpad, as well as individual actionpads. It's possible to hide the GDPR functions on user group level as recommended in these default settings.

3.x and newer

Note that these settings only show and hide the links in the desktop client, the permissions in action are configured in Lime admin. Therefore these settings should also be set in Lime Admin.

Person

Include the following code on each actionpad of which Limetype you have configured for GDPR (eg person.html):

<div data-app="{
    app: 'addon_gdpr',
    config: {
        'permissions': {
            'token': ['Administrators'],
            'anonymize': ['Administrators'],
            'createAnonymizeRequest': ['Administrators', 'Users'],
            'deleteAnonymizeRequest': ['Administrators', 'Users'],
            'downloadExcel': ['Administrators', 'Users'],
            'downloadJson': ['Administrators', 'Users']
        }
    }
}"></div>

Index

Include the following code in your index.html (note the additional property 'view': 'index'):

<div data-app="{
    app: 'addon_gdpr',
    config:{
        'view': 'index',
        'permissions': {
            'bulkAnonymize': ['Administrators'],
            'bulkDeleteAnonymizeRequest': ['Administrators', 'Users'],
            'bulkDelete': ['Administrators']
        }
    }
}"></div>

Filters

Two filters are included in the legacy/lip/resources folder to be used by the Desktop client. In the Desktop client, import Persons requested to anonymize delete.lff and Anonymized persons.lff

Impersonate user

If the portal is going to be used, an "Impersonate user" has to be created in LISA. All endpoints where a token is used for authentication uses so called impersonation. The impersonate user should only have access and CRUD to the limetypes exposed in the configuration. Using the admin or limeadmin account seems like an easy solution but is a very bad idea! The name of the impersonate user must also be added to the configuration in Lime Admin.

Step by step instructions for LISA

1. Create the limegdprportal user with the following settings:
   • Active: No
   • Type: Integration
   • Login: LIME PRO Authentication
2. Create the limegdprportal group. Make the limegdprportal user a member of this group.
3. Go to policies and set the correct policies for the limegdprportal group on each table or field. This is an example of common settings:

Policy name	R	W	A	D	Apply to
tbl_company	•	•			company table
tbl_consent	•	•	•		consent table
fld_consenttype	•				consenttype field on consent table
tbl_consenttype	•	•			consenttype table
tbl_document	•	•			document table
tbl_history	•	•			history table
tbl_participant	•	•			participant table
tbl_person	•	•	•	•	person table

Consent add-on

Since GDPR is depending on the consent add-on, the consent add-on will be automatically installed. It must also be configured, please see the consent add-on's own documentation on how to.

Public Internet Access On-premise

In order for non-Lime users to access the Lime GDPR portal, some parts of the Lime CRM server must be publicly exposed to the internet. Some customers already have the full server exposed, some don't. Exactly how to minimize the exposure is up to the customer's IT department to solve, but using a proxy is one solution¹. The URL patterns that must be exposed for Lime GDPR to work are:

• PORTAL_BASE_URL/static/gdpr/* - portal
• PORTAL_BASE_URL/APPNAME/gdpr/* - endpoints

PORTAL_BASE_URL is referring to the hostname of the Lime CRM server and can be overwritten in Lime Admin per limetype.

---

1. Note that if a proxy is used, the URL can differ from the server URL. ↩