user3603308

Reputation: 355

Logical deletion with event sourcing (potentially with sensitive data / GDPR)

I understand that event sources are supposed to be immutable and append only.

However, I'm wondering how I handle a logical delete. If the user clicks 'delete' on the UI and they are expecting a hard delete, do I include an IsDeleted flag on my event? Are there other options here?

Edit: The question has special interest when there is sensitive data around, maybe stored in the event itself, and the user expects it to be completely flushed out from our systems. This can relate to the EU GDPR regulation and laws.

Upvotes: 4

Views: 1957

Answers (4)

Sandy

Reputation: 1504

As @Vincent Hendriks said, "You could publish a 'deleted' event which would remove/mark the data as deleted in your read database".

Here is a very good example that demonstrates this concept: http://next.belus.com/Demos/Events

In the demo, click the Edit link and press Delete button. At the bottom of the page, see the event that gets created.

Upvotes: 0

Vincent Hendriks

Reputation: 86

You could publish a 'deleted' event which would remove/mark the data as deleted in your read database, but this isn't a hard delete (which you specify in your question). You will still have the data in your event store.

Hard deletes are actually pretty difficult when using event sourcing. I assume you're working with event sourced customer data? There are usually a few solutions for this, but they aren't really pretty:

  • You either don't event-source your sensitive customer data but store this separately and just reference this from your aggregate in some way

  • You either delete old events (be aware that this might break more than you'd like, but it depends on your design / application)

  • You either add a deleted event and change existing events to strip out the sensitive data.

Upvotes: 4
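Added example, not part of the answer above and not code from any event-sourcing library: a minimal Python sketch of the first option in the list, combined with the 'deleted' event. Sensitive fields live in a separate mutable store and events carry only an opaque reference, so a hard delete never rewrites the log. `PiiVault`, `EventStore`, the event names and the sample customers are hypothetical and constructed for illustration.

```python
import uuid

class PiiVault:
    """Mutable store for sensitive fields, kept outside the event log."""
    def __init__(self):
        self._records = {}
    def put(self, data):
        ref = str(uuid.uuid4())          # opaque reference; reveals nothing by itself
        self._records[ref] = dict(data)
        return ref
    def get(self, ref):
        return self._records.get(ref)    # None once erased
    def erase(self, ref):
        return self._records.pop(ref, None) is not None

class EventStore:
    """Append-only log; events carry a vault reference, never the PII itself."""
    def __init__(self):
        self._events = []
    def append(self, kind, customer_id, **payload):
        self._events.append({"type": kind, "customer_id": customer_id, **payload})
    def events(self):
        return tuple(self._events)

def register(store, vault, customer_id, name, email):
    ref = vault.put({"name": name, "email": email})
    store.append("CUSTOMER_REGISTERED", customer_id, pii_ref=ref)

def delete_customer(store, vault, customer_id):
    for e in store.events():
        if e["customer_id"] == customer_id and "pii_ref" in e:
            vault.erase(e["pii_ref"])              # hard delete of the sensitive fields
    store.append("CUSTOMER_DELETED", customer_id)  # logical delete; log stays append-only

def project(store, vault):
    """Rebuild the read model by replaying the whole log."""
    view = {}
    for e in store.events():
        if e["type"] == "CUSTOMER_REGISTERED":
            view[e["customer_id"]] = vault.get(e["pii_ref"])  # None if already erased
        elif e["type"] == "CUSTOMER_DELETED":
            view.pop(e["customer_id"], None)
    return view

def demo():
    """Constructed sample data: two customers, the first one asks for deletion."""
    store, vault = EventStore(), PiiVault()
    register(store, vault, "c1", "Alice Example", "alice@example.test")
    register(store, vault, "c2", "Bob Example", "bob@example.test")
    delete_customer(store, vault, "c1")
    return store, vault
```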

Roman Eremin

Reputation: 1451

Usually you don't display events in your UI, you display your read model that is calculated from events.

For instance, you can have events

TASK_CREATED "one"

TASK_CREATED "two"

TASK_CREATED "three"

TASK_DELETED "two"

In your read model (list of tasks) update code, you just add items on a TASK_CREATED event and remove them on a TASK_DELETED event, so the resulting list would be:

"one"

"three"

So, if the user clicks 'delete' in the UI, it sends a DELETE_TASK command to the aggregate, the aggregate publishes a TASK_DELETED event, and this event is applied to the read model (removing the item from the list). Now when you query the read model, it will have one item removed.

Upvotes: 0

VoiceOfUnreason

Reputation: 57279

> do I include an IsDeleted flag on my event? Are there other options here?

If you are asking "Can I undo an event, by setting the isDeleted flag?"; no, that's not usually how we do it. Instead, we append a new event that "reverses" the effect of the first. You'll sometimes see this described as a compensating event. In mature domains (think accounting), there is often an explicit protocol for reversing events.

Upvotes: 0
