User anonymization and staff_action_logs

Hi all,

I found it odd, that after I anonymize a user I am still able to see an old user name and email linked to new “anonymized”, random username under admin/logs/staff_action_logs. It does not seem to me like it
is real anonymization and probably keeping this data in logs forever is an offense against EU GDPR laws.

I also see a little benefit from keeping logs of such actions. Could you please tell me how to remove this logs permanently and maybe it is also possibly to clean Discourse logs periodically and limit logging policy somehow?

Thank you in advance


You need to uncheck this setting log anonymizer details to stop this happening again. When complying with GDPR you must turn this off.

I’m not sure about removing this from logs though.


Hi Ondrej, thank you for fast answer.

Ok, I disabled this option however the actions that are logged already are still visible. How can I remove logs?

For getting rid of old rows after enabling the aforementioned setting, first inspect relevant user history rows via rails console:
UserHistory.where(action: 24)

Once you’re sure that the above covers all the rows you want to ensure no longer have any user data attached in the logs, run this in the rails console:
UserHistory.where(action: 24).update_all(details: nil, email: nil)

(The “details” and “email” is what contains the personal data and will be wiped by above. Deleting the rows is not necessary for GDPR compliance, but if you want that, use delete_all.)

Run at your own risk and make backups before running database commands at scale.

You might also want to trigger a vacuum on postgresql so that any dead tuples that still have the values are actually deleted, after running the commands above.


Thanks Hooksmith, your solution works. However I can see no reason for not running from time to time:


Maybe I will write a script to run it weekly.
Take care

1 Like

That night be the better way as sometimes I have had to undo an anonymous action due to poor judgement of a staff member. It is not perfect but as an admin did figure a way to restore and anonymized user.

This table provides the data that is used to populate your site’s staff action logs. It’s useful to keep the history of your site’s staff members intact. At the very least, it’s helpful for debugging issues on the site that are related to settings being changed by staff members.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.