The olat.log must not contain information that reveal the real identity of a user.
The idea is when referring to a user only the identity.key shall be logged. As long as a user exists in OpenOLAT, the real identity can be revealed by looking up the identity key.
When a user is deleted the log entries remain. However, since the log does not contain "clear text" information about the user, the users identity can not be revealed anymore (unless a backup is restored to lookup the identity key). The backup policy must thus be part of the disclaimer.
To solve this, mostly the Tracing class must be fixed. Real-World log files should also be analysed to see if there are specific log messages that needs adjustments.
- Logging actions that have an audit character where a user performs an action not as normal user but as a role of the institution can optionally log information about the identity. E.g. such actions could be system administration actions like system configuration or creating or deleting a user. We do not actively add this data, however when it is there we do not try to clean it from the log.