Data Privacy Toolkit Post-Setup Tasks

Update the DPTK application user roles

If you installed the Data Privacy Toolkit for the first time, you need to add users to the DPTK application’s user roles (You can skip this step if you set the user or group mappings in the AutoDeploy or scripted installation). Follow the documentation at https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/tsec_tasroles.html or do the following steps:

  • In the WAS cosnole, navigate to Applications > WebSphere enterprise application > DataPrivacyToolkit > Security role to user/group mapping
  • Select the Role dptk (and/or dptkAdmin), and click Map Users... or Map Groups... - depending on whether you want to add single users or user groups.
  • Search for the users or groups you want to add, and move them to the Selected: list by using the arrow button
  • Click OK
  • Verify that the users or groups are now added to the Mapped users or Mapped groups accordingly
  • Click OK
  • Click Save directly to the master configuration
  • Fully resynchronize the WebSphere servers
  • Restart the DPTKCluster

Update the Webserver Plugin (Generate + Propagate)

You might also need to update the Webserver Plugin in order to map the application.

  • In the WAS console, navigate to Servers > Server Types > Web servers
  • Select all webservers and click Generate Plug-In
  • Click Propagte Plug-In

Check if pseudonymization works as expected

Depending on the configuration of the Data Privacy Toolkit as well as the configuration of your environment, it may be possible that the pseudonymization fails, e.g. if the task tries to alter read-only attributes. To validate if pseudonymization works as intended, you can use the API endpoint HOSTNAME/dptk/api/selftest/check/field/access.json (via any Web-Browser). For this validation, the tool requires information about a test-user that the pseudonymization can check against. Please provide this test user by guid in the configuration property dptk.access.test.user. A successful response (HTTP 200) indicates that the system is ready for pseudonymization - in case of an error (HTTP 400), please use the information provided in the response to determine whether pseudonymization encoutered issues with any fields (FAILED: anonymizing field or FAILED: restoring field).