Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
How can I get a user last activity timestamp using the QRS API?
Hey Adrien,
What precisely is the last user activity timestamp? To be honest, the easiest method would be to gauge thing on when a user last used a license? Other methods will require them to change something, otherwise there would be no record of them.
Are you using the token model or the professional/analyzer model?
Hi Levi, thanks for your help:
- I want the approximate timestamp of the last time the user has been using the Qlik server. So indeed, when a user last used a license seems appropriate.
- I think we are using a token model (users have an attribute of type 'access' with value 'TokenUser')
/qrs/license/useraccesstype/full returns a "lastUsed" attribute that tells the last time the user was checked for token access.
If you're using Qlik-Cli you can use Get-QlikUserAccessType -full
This can be used to detect dormant user access tokens and quarantine/remove them.
As an FYI, you can adapt this for the Professional / Analyzer model as well. I've pinged Adam to get the modules in base Qlik-Cli but:
$InactivityThreshold = Read-Host -Prompt 'Input the username date threshold for inactivity (e.g. 90)'
# Get date format for 90 days ago
$date = Get-Date
$date = $date.AddDays(-$InactivityThreshold)
$date = $date.ToString("yyyy/MM/dd")
$time = Get-Date
$time = $time.GetDateTimeFormats()[109]
$inactive = $date + ' ' + $time
# Connect to Qlik Sense
$myFQDN=(Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain
$myFQDN = $myFQDN.ToLower()
# Connect to Qlik-CLI
Connect-Qlik -ComputerName $($myFQDN)
function Remove-QlikUserAccessType {
[CmdletBinding()]
param (
[parameter(Position=0,ValueFromPipelinebyPropertyName=$true)]
[string]$id
)
PROCESS {
return Invoke-QlikDelete -path "/qrs/license/useraccesstype/$id"
}
}
function Get-QlikProfessionalAccessType {
[CmdletBinding()]
param (
[parameter(Position=0)]
[string]$id,
[string]$filter,
[switch]$full,
[switch]$raw
)
PROCESS {
$path = "/qrs/license/professionalaccesstype"
If( $id ) { $path += "/$id" }
If( $full ) { $path += "/full" }
If( $raw ) { $rawOutput = $true }
return Invoke-QlikGet $path $filter
}
}
function Remove-QlikProfessionalAccessType {
[CmdletBinding()]
param (
[parameter(Position=0,ValueFromPipelinebyPropertyName=$true)]
[string]$id
)
PROCESS {
return Invoke-QlikDelete -path "/qrs/license/professionalaccesstype/$id"
}
}
function Get-QlikAnalyzerAccessType {
[CmdletBinding()]
param (
[parameter(Position=0)]
[string]$id,
[string]$filter,
[switch]$full,
[switch]$raw
)
PROCESS {
$path = "/qrs/license/analyzeraccesstype"
If( $id ) { $path += "/$id" }
If( $full ) { $path += "/full" }
If( $raw ) { $rawOutput = $true }
return Invoke-QlikGet $path $filter
}
}
function Remove-QlikAnalyzerAccessType {
[CmdletBinding()]
param (
[parameter(Position=0,ValueFromPipelinebyPropertyName=$true)]
[string]$id
)
PROCESS {
return Invoke-QlikDelete -path "/qrs/license/analyzeraccesstype/$id"
}
}
Get-QlikUserAccessType -filter "lastUsed lt '$inactive'" -full | Remove-QlikUserAccessType
Get-QlikAnalyzerAccessType -filter "lastUsed lt '$inactive'" -full | Remove-QlikAnalyzerAccessType
Get-QlikProfessionalAccessType -filter "lastUsed lt '$inactive'" -full | Remove-QlikProfessionalAccessType
Hi Gary,
Thanks a lot for your help.
Indeed /qrs/license/useraccesstype/full seems perfect for my use case for users using token.
BUT I afraid we also have users using 'LoginAccess'. For those /qrs/license/useraccesstype/full returns nothing. Can we find the same information (lastUsed) for users using 'LoginAccess'?
/qrs/license/loginaccessusage/full
Sample response:
[
{
"id": "354bff8e-88b9-41a6-814d-d09c3dde4d5d",
"createdDate": "2018-11-08T20:22:23.179Z",
"modifiedDate": "2018-11-08T20:22:23.179Z",
"modifiedByUserName": "FOO\\bar2",
"user": {
"id": "24405ab0-55ad-4b28-855b-d8c92c8bd3c5",
"userId": "bar2",
"userDirectory": "FOO",
"name": "bar2",
"privileges": null
},
"sessions": [
{
"id": "7c19d293-cbcd-40b8-b093-bc9dfeb9745e",
"createdDate": "2018-11-08T20:22:23.179Z",
"modifiedDate": "2018-11-08T20:22:23.179Z",
"modifiedByUserName": "FOO\\bar2",
"sessionID": "5902acbc-c086-4e22-93cb-3b229da04c8e",
"latestActivity": "2018-11-08T20:22:23.136Z",
"serverNodeConfigurationId": "f206bf30-1e5c-498a-8f73-f1f9e2120863",
"schemaPath": "License.LoginAccessUsage.Session"
}
],
"loginAccessType": {
"id": "2d28e029-0f1e-40f3-b62b-2049f63314c4",
"name": "Temp",
"privileges": null
},
"useStartTime": "2018-11-08T20:22:23.136Z",
"latestActivity": "2018-11-08T20:22:23.136Z",
"hostName": "::1",
"serverNodeConfigurationId": "f206bf30-1e5c-498a-8f73-f1f9e2120863",
"privileges": null,
"schemaPath": "License.LoginAccessUsage"
}
]
Hey Ltu!
I have the same use case and I am using licence/useracesstype/full which gives me some of the results but I have noticed that all the results are from the year 2018 and it does not capture any users before 2018.
When I try loginaccessusage/full I get an empty array, so I don't think that is particularly useful.
Do you have any suggestions?
Thank you
Palash
Hi Dear LeviTurner
Wonderful script, i'm using but i need an extra help if is possible i need invoke the following functions but not filtered by inactive time, i need filter by user id
I'm Trying with -filter user "<id_user>" and -filter userid "<id_user>" but not works
Thanks
Hi @Levi_Turner
Thanks for your response. But the response doesn't have lastUsed like that other endpoints you have shared earlier. Which field we can refer to in the above response.
Regards
Sivanesan