Spike/bug: Investigate deactivated users inclusion in compliance export

Description

Another query that I have is regarding compliance exports. A user mentioned that the number of users exported (format used is Actiance XML) is more than the active users in the system. Do compliance exports also include user accounts that have been deactivated? Is this expected?

I did some testing and as far as I can tell it does include deactivated users (though I'm honestly not too sure, I just see the name of the deactivated user mentioned in `ParticipantEntered`).

The user found this difference by using an in-house app of theirs that counts the number of users in the file and gets their details using the API, and compared it to the active user number in Mattermost.

Issue created from a message in Mattermost.

QA Test Steps

1. Login as system admin and create a private channel.
2. Add user-1 to the channel.
3. Post a message from system admin, or user-1, or both.
4. Deactivate user-1, doesn’t matter how.
5. Run an Actiance compliance export. Observe that user-1 is present in the list of channel members in the XML output.
6. Have system admin post in the channel again.
7. Run another Actiance export. Observe that user-1 is not present in the list of channel members in the XML.
8. Re-activate user-1.
9. Repeat step #3.
10. Repeat step #5.
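
The comparison described in the ticket (participants named in the export versus the active users), as an added example that is not part of the original ticket or of Mattermost's code. Only `ParticipantEntered` appears on this page; the `FileDump`, `Conversation`, `RoomID` and `LoginName` element names, the sample export and the active-user list are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. Only the ParticipantEntered element name comes
# from the ticket; FileDump, Conversation, RoomID and LoginName are assumed.
SAMPLE_EXPORT = """<FileDump>
  <Conversation>
    <RoomID>private-channel</RoomID>
    <ParticipantEntered><LoginName>sysadmin@example.com</LoginName></ParticipantEntered>
    <ParticipantEntered><LoginName>User-1@example.com</LoginName></ParticipantEntered>
  </Conversation>
  <Conversation>
    <RoomID>town-square</RoomID>
    <ParticipantEntered><LoginName>sysadmin@example.com</LoginName></ParticipantEntered>
  </Conversation>
</FileDump>"""


def participants_by_room(xml_text):
    """Map each conversation's room id to the set of logins listed as participants."""
    # The export comes from your own server; parse files from anywhere else
    # with a hardened parser such as defusedxml instead.
    root = ET.fromstring(xml_text)
    rooms = {}
    for conv in root.iter("Conversation"):
        room = (conv.findtext("RoomID") or "").strip()
        logins = rooms.setdefault(room, set())
        for entered in conv.iter("ParticipantEntered"):
            login = (entered.findtext("LoginName") or "").strip().lower()
            if login:
                logins.add(login)
    return rooms


def participants_not_active(xml_text, active_logins):
    """Return {room: sorted logins} for participants missing from the active-user list."""
    active = {login.strip().lower() for login in active_logins}
    findings = {}
    for room, logins in participants_by_room(xml_text).items():
        extra = logins - active
        if extra:
            findings[room] = sorted(extra)
    return findings


if __name__ == "__main__":
    # Constructed active-user list, e.g. as returned by the users API.
    print(participants_not_active(SAMPLE_EXPORT, ["sysadmin@example.com"]))
```

A hit is not automatically a defect: per the QA steps, user-1 is still expected in the first export run after deactivation (step 5) and is absent only from the following one (step 7).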

Activity

Rohitesh Gupta
August 12, 2020, 6:10 AM

Tested the issue on the 5.25.3-rc1 test instance and the issue is fixed and is working fine now. Closing the ticket since it has been tested on both 5.25 and 5.26 test instances.

Rohitesh Gupta
August 10, 2020, 11:57 AM

Tested on the latest 5.26 test instance and the issue is fixed now and is working fine as expected for both CSV & Actiance Exports. The ticket will be closed once it's tested on 5.25 instance.

Katie Wiersgalla
August 5, 2020, 7:21 PM

We have received feedback from Actiance that they do not expect having deactivated users in the XML export.

“If a user is deactivated on the communication channel itself, he/she would not be able to send any message or be part of any communication. Given that, we would not expect data from such users or references to them as participants in the XML. In fact, having them in the XML could possibly mislead the customer’s compliance team. So as you anticipated, we would suggest removing these users from the XML. We do not expect this change to have an impact on the functioning of our application, Vantage, for our mutual customers.”

Please proceed with a fix.

Martin Kraft
August 1, 2020, 11:23 AM

Here are some WIP pull requests with the potential fix, if we proceed forward with one of the proposed solutions:

WIP, further testing required.

Katie Wiersgalla
July 31, 2020, 2:34 PM
Edited

Upon further reflection, I am rescinding my previous comment. We have been sending deactivated users in the exports since the original release of this feature and there could be a large downstream effect to customers that have data loading into Actiance by removing the deactivated users.

I am reaching out to Actiance to find out if they have best practices for deactivated users and if they have any thoughts on what the downstream effect would be.

Done

Mana

4

Assignee

Hossein Ahmadian

QA Assignee

Rohitesh Gupta

Reporter

Martin Kraft

Epic Link

None

Fix versions

Mattermost Team

Enterprise

Sprint

None

QA Testing Areas

Compliance

GitHub Issue

None

Components

None

Severity

None