GDPR and SharePoint User Lookups
(Not only) because of GDPR, all of an employee's personal data should be deleted when they leave the company. Their files and the user account itself should be removed from Active Directory.
But even after the user is deleted from AD, all "Created By", "Modified By" and other user fields may still contain that employee's name, including on documents that belong to other people and must not be deleted.
How can this be solved without breaking SharePoint or applications that depend on (any) valid person information in these lists?
You can clear the user's personal information (name, e-mail, etc.) from the User Profile Service so that SharePoint only references their (hopefully anonymous) user ID.
If necessary, you can also use PowerShell and the Client Side Object Model (CSOM) to overwrite any remaining information (captured in the site collection's User Information List) with something like "[Redacted]".
See Microsoft's GDPR compliance documentation for SharePoint here.
Follow these basic steps to remove a user’s personal information from their SharePoint Server user profile:
1. Remove the user information from any external systems that feed into the SharePoint Server user profile. If you are using directory synchronization, the user must be removed from the on-premises Active Directory environment.
2. Run a profile synchronization on SharePoint Server.
3. Delete the profile from SharePoint Server. Once this is done, SharePoint Server will fully remove the profile from the User Profile Database in 30 days. The user's profile page and personal site will be deleted.
After deleting a user’s profile, some limited information (such as user ID) may still be recorded in site collections that the user has visited. If you choose to delete this data from a given site collection, this can be done using CSOM. A sample script is provided below:
$username = "admin@company.sharepoint.com"   # placeholder admin account
$password = "password"                        # placeholder; a real run should take the secret from Get-Credential rather than a hard-coded string
$url = "https://site.sharepoint.com"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# the path here may need to change if you used e.g. C:\Lib; the version folder (16) depends on the installed CSOM package.
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
# connect/authenticate to SharePoint Online and get ClientContext object.
$clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($url)
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $securePassword)
$clientContext.Credentials = $credentials
if (!$clientContext.ServerObjectIsNull.Value)
{
    Write-Host "Connected to SharePoint Online site: '$url'" -ForegroundColor Green
}
# Get the user's entry in this site collection's User Information List
$user = $clientContext.Web.SiteUsers.GetByLoginName("i:0#.f|membership|user@company.sharepoint.com")
# Redact user: overwrite the display name and e-mail that "Created By"/"Modified By" columns resolve to
$user.Email = "Redacted"
$user.Title = "Redacted"
$user.Update()
$clientContext.Load($user)
$clientContext.ExecuteQuery()
# Get users
$users = $clientContext.Web.SiteUsers
# Remove user from site
$users.RemoveById($user.Id)
$clientContext.Load($users)
$clientContext.ExecuteQuery()
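The redaction approach from the answer above, generalized to several site collections as an added example (not code from the original post or from Microsoft's documentation): credentials are prompted for instead of hard-coded, a user who never visited a site is reported rather than treated as an error, and each entry is read back to confirm the redaction was stored. The site URLs, login name and CSOM install path are constructed placeholders.

```powershell
# Added example: redact a departed user's User Information List entry across several
# site collections with CSOM and verify the result. Paths, URLs and the login name are
# constructed placeholders (assumptions), not values from the original post.
$csomPath = "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI"
Add-Type -Path (Join-Path $csomPath "Microsoft.SharePoint.Client.dll")
Add-Type -Path (Join-Path $csomPath "Microsoft.SharePoint.Client.Runtime.dll")

$siteUrls  = @("https://contoso.sharepoint.com/sites/hr",
               "https://contoso.sharepoint.com/sites/finance")
$loginName = "i:0#.f|membership|departed.user@contoso.onmicrosoft.com"
$cred      = Get-Credential -Message "SharePoint Online admin account"

function Redact-SiteUser {
    param([string]$Url, [string]$LoginName, [pscredential]$Credential)
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($Url)
    $ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials(
        $Credential.UserName, $Credential.Password)
    try {
        # GetByLoginName only fails at ExecuteQuery; a user who never visited this
        # site collection has no entry here, so there is nothing to redact.
        $user = $ctx.Web.SiteUsers.GetByLoginName($LoginName)
        $ctx.Load($user)
        $ctx.ExecuteQuery()
    } catch [Microsoft.SharePoint.Client.ServerException] {
        return [pscustomobject]@{ Site = $Url; Status = "not present" }
    }
    # Overwrite the fields that "Created By"/"Modified By" columns display.
    $user.Title = "[Redacted]"
    $user.Email = "[Redacted]"
    $user.Update()
    $ctx.ExecuteQuery()
    # Re-read the entry by ID so the report reflects what the server stored.
    $check = $ctx.Web.SiteUsers.GetById($user.Id)
    $ctx.Load($check)
    $ctx.ExecuteQuery()
    $status = "verify failed"
    if ($check.Title -eq "[Redacted]" -and $check.Email -eq "[Redacted]") { $status = "redacted" }
    [pscustomobject]@{ Site = $Url; Status = $status }
}

$siteUrls | ForEach-Object { Redact-SiteUser -Url $_ -LoginName $loginName -Credential $cred } |
    Format-Table -AutoSize
```

SharePointOnlineCredentials relies on legacy authentication being allowed on the tenant; a tenant that enforces modern authentication needs a different credential mechanism for the ClientContext.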