This documentation relates to the latest released version of BMC Discovery (other versions).

The BMC Discovery product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).

Note

This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection_en. Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Discovery product can help customers meet some requirements of the GDPR. For more information about how BMC solutions can help achieve the requirements of the GDPR, see https://www.bmc.com/it-solutions/gdpr-compliance.html

Personal information for BMC Discovery users

Personal information for BMC Discovery users is manually entered, or retrieved from single sign-on services, or directory services for the user session. You can find personal information on BMC Discovery users in the following parts of the UI:

  • Administration > Users
    Lists all of the UI users configured in BMC Discovery.
  • Administration > Active Sessions
    Shows username, IP address, and browser information on users with a current session. 
  • Administration > Audit
    You can purge all events over a specified age. As the audit log is a record of events on the BMC Discovery system, you cannot select events specific to a user and delete those events.
  • Explore > Data > Context & Metadata > People
    Lists all person nodes in the BMC Discovery datastore.

Person node

BMC Discovery stores user information for each user who accesses the UI in a person node. A person node can contain the following information, that is entered when the user is created, or retrieved from an LDAP/directory services integration:

  • Name
  • Phone
  • E-Mail
  • Employee ID
  • User name
  • Role
  • Thumbnail image–retrieved from an LDAP/directory services integration

FoundationUser

BMC Discovery stores user information for each user who accesses the UI in a FoundationUser node. A FoundationUser node can contain the following information, that is entered when the user is created, or retrieved from an LDAP/directory services integration:

  • User name
  • Favorite groups
  • Pattern Execution requested by the User
  • Model Definitions the user chose as favorites

Personal information discovered by BMC Discovery

Personal information can be discovered by BMC Discovery if it exists in target systems in your IT estate. The type of personal information that can be discovered depends on the targets you discover, the level of credential you use to discover those targets, and any patterns used for discovery, including custom patterns.

Data privacy concerns should ideally be addressed in those target systems. BMC Discovery can help identify instances of personal information in those target systems.

If you delete personal data that is retrieved from target systems, the same personal data will be retrieved from the target when it is next discovered. For complete permanent deletion of personal data that is retrieved from target systems, deletion must first occur on the target system, and then in BMC Discovery.

Addressing data privacy requests

You can locate personal information for local users or in discovered data using the BMC Discovery search tools. You cannot entirely delete personal information from the BMC Discovery datastore. You can mark the node as destroyed, though the information remains visible to searches where you specify that destroyed data should also be searched.

You cannot anonymize personal information. 

To search for and report on personal data in BMC Discovery

You can locate personal information for local users or in discovered data using the BMC Discovery search tools. The simplest way of searching for any personal data is to enter the name or username of the requester into the search box at the top right of the screen. 

Performing an advanced search for discovered personal data in BMC Discovery

Search queries are entered by using the Advanced Search page. This enables you to use the Partial Match option that ensures that your search includes fragments of the name or username. Fragments of the username might be contained in DDD such as command arguments, or results of WMI queries. This search also finds matching data for BMC Discovery users.

  1. Click the magnifying glass icon next to the search box, and then click Advanced Search
    The Advanced Search page is displayed.
  2. Under Keywords, enter the keyword or text string you want to search for.
  3. Select Partial Match.
  4. Click Search.

Performing an advanced search for personal data for BMC Discovery users (Person nodes)

Search queries are entered by using the Advanced Search page. You can limit the scope of your search to person nodes using this page.

  1. Click the magnifying glass icon next to the search box, and then click Advanced Search
    The Advanced Search page is displayed.
  2. Under Keywords, enter the keyword or text string you want to search for.
  3. In the Administration section, select People.
  4. Click Search.



Using a generic query to search for personal data for BMC Discovery users (FoundationUser nodes)

Search queries are entered by using the Enter Generic Query page.

  1. Click the Search icon to the left of the Search box at the top right of the UI.
    The Search Options in the drop down panel are displayed.
  2. Click the Generic Search Query link.
  3. Enter the query in the text entry field. For example, to search for a test user, enter:

    SEARCH IN "_System" FoundationUser WHERE username HAS SUBWORD "test"

    To search for the test user including destroyed data, enter:

    SEARCH FLAGS (include_destroyed) IN "_System" FoundationUser WHERE username HAS SUBWORD "test"
  4. Click Run Query.
    The results are displayed in a report.
    • To export the results in a comma separated values (CSV) file, click Export (CSV).
    • To export the results in an XML file, click Export (XML).
    • In each case, a download dialog is displayed.
  5. Save the file to your local file system.

To export personal data

You can export the results of any search operation or any report in CSV format, enabling you to access the data using text editors, spreadsheet, and database applications.

To do this, click Export as CSV on the results page of any search or report. You are prompted to open the CSV file directly or to save it.

To delete personal data in BMC Discovery

You cannot entirely delete information from the BMC Discovery datastore using the UI. You can mark a node containing personal information as destroyed, though the information remains visible to searches where you specify that destroyed data should also be searched. The tw_query command line utility also provides the capability of marking nodes as destroyed, though again the destroyed information remains visible.

BMC Discovery version 11.3 patch 1 and later releases extend the capability of the tw_query utility so that it can remove the information completely. Removing the information completely cannot be reversed and can lead to data instability and unexpected system behavior. If you are at all unsure about the consequences of this action, you should contact customer support in advance.

To mark personal information as destroyed using the UI

When you view a node, you can mark it as destroyed using Actions > Destroy.

When you view a list of nodes, you can mark one or more as destroyed by selecting them and using Actions > Destroy.

To mark personal information as destroyed using the tw_query utility

From the command line you can use the tw_query utility to mark information as destroyed.

Warning

Use of this tool can lead to data instability and unexpected system behavior. If you are at all unsure about the consequences of this action, you should contact customer support in advance. You should be entirely sure that you want to do this, and should take particular care that the query you enter returns exactly the information you expect.

See the tw_query documentation for complete information on this use of the utility.

[tideway@appliance01 ~]$ tw_query --destroy "search in '_System' FoundationUser where username = 'query_user'"
Password for BMC Discovery UI user system:

WARNING: Use of this tool can lead to data instability and unexpected
system behavior. If you are at all unsure about the consequences of this
action, you should contact customer support in advance.

1 node will be marked as destroyed in the data store.

Are you sure? (y/n) y

Destroying 1 FoundationUser node...
Destroyed 1 FoundationUser node.

[tideway@appliance01 ~]$ 

To entirely delete personal information using the tw_query utility 
(BMC Discovery 11.3 patch 1 and later)

Using BMC Discovery 11.3 patch 1 and later, you can use the addtional --purge option to completely remove nodes containing personal information.

Warning

Use of this tool can lead to data instability and unexpected system behavior. If you are at all unsure about the consequences of this action, you should contact customer support in advance. You should be entirely sure that you want to do this, and should take particular care that the query you enter returns exactly the information you expect.

You need the system user credentials to mark nodes as destroyed.

[tideway@appliance01 ~]$ tw_query --destroy --purge "search in '_System' FoundationUser where username = 'user01'"
Password for BMC Discovery UI user system:

WARNING: Use of this tool can lead to data instability and unexpected
system behavior. If you are at all unsure about the consequences of this
action, you should contact customer support in advance.

1 node will be destroyed and permanently purged from the data store.

Are you sure? (y/n) y

Destroying and purging 1 FoundationUser node...
Destroyed and purged 1 FoundationUser node.

[tideway@appliance01 ~]$ 
Was this page helpful? Yes No Submitting... Thank you
© Copyright 2004 - 2019 BMC Software, Inc.
Legal notices