The procedure for the retrieval of stored data from users after the end of service use is specified within deprovisioning regulation for the bwSync&Share service. This concerns the data in the storage quotas available to employees and students of universities and colleges in Baden-Württemberg and the participating members of the DFN-Verein.
External users do not have their own storage quota. Folders to which external users are invited fall within the scope of the deprovisioning regulations of the respective owners of folders. The deprovisioning of user data (user account/password/authorizations) of external users is described at the end of this article: Deprovisioning External user
A storage quota is made available under the following conditions:
- An active user account exists in the local user administration.
- The local user account has the right (entitlement) to use bwSync&Share
- The user has registered for the service (on https://bwidm.scc.kit.edu).
The criteria are verified by bwIDM Identity Management.
Within the user administration of bwSync&Share, a separate account is maintained to which the storage quota is assigned. The folders and data of the account as well as the invitations, i. e. granted access rights to the folders, are managed here.
If there is no longer a valid registration the deprovisioning of accounts and data within the bwSync&Share service will be started. A deregistration can be triggered by different actions:
a) The user account is no longer active in the local user administration of the home institution. The deregistration is done automatically.
b) The local user account has lost the right (entitlement) to use bwSync&Share. The deregistration is done automatically.
c) The user has canceled the service himself/herself on the registration page (https://bwidm.scc.kit.edu).
The bwSync&Share user account is deregistered and therefore it is no longer possible to log in to the service. Any discrepancies concerning the local user account must be resolved with the support unit of the home institution. If the user account is reactivated or the Entitlement issued again, the user can log on to the service again. If he/she has unsubscribed from the Service, he/she may do so by registering again.
Two months after deregistration, an information e-mail is sent to the e-mail address of the bwSync&Share user account. The account holders are asked to cancel the deprovisioning, if desired and if possible, by logging in. If necessary, the reason for deregistration can be fixed by the local support unit (see above).
Three months after deregistration, the storage quota and the data it contains is moved to a separate area within the system. All other users invited to the folders of the storage quota will no longer see the corresponding folder and will no longer be able to synchronize the data
Resumption of use
If the reason for the deregistration is withdrawn later than three months, the data must be returned. The folders and data created before deprovisioning are no longer displayed. The feedback is initiated by a ticket in the bwSupport portal of the local support unit (1st level support) and executed by the 2nd level support in bwSync&Share. Access authorisations for other users must be reset once the data has been restored (renewed invitation).
Retrieval of data after deprovisioning
If access to bwSync&Share can no longer be granted (e. g. termination of employment) and if the stored data has not been saved locally in time, it can be transferred to the user. This is possible up to 360 days after deprovisioning.
The data will only be made available to the original owner. The local support unit (1st level support) accepts inquiries and ensures authentication, e. g. by presentation of an identification document, signed e-mail, etc. Via the bwSupport portal, a ticket with the user data and a user's e-mail address goes to the 2nd level support. From there the owner receives a mail with a download link.
Final deletion of data
360 days after deprovisioning both the user account in bwSync&Share and the associated folders and data are irrevocably deleted.
If you have folders in your storage quota that are used by a workgroup, transfer the folder in time to another member of the folder (bwSync&Share Web interface – Manage Members - "Crown" icon "Make Owner"). The new owner must agree to the transfer.
External users store in the Shibboleth user account quota to which they have been invited. The data stored there belongs to the quota holder. The deprovisioning of external user data concerns the corresponding user account with login name (e-mail address), password and access rights to invited folders.
One year after the last login, the stored e-mail address will be contacted and asked to log in again. If this does not happen, the account and access permissions will be deleted one month after notification.
If the mail address is invited again, this is the same as the first creation and registration must be carried out.