Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
Join us on May 23rd, Q&A with Qlik - Developer Series, Customizing Extensions: Register Today

Offline User Assignment Log

cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Offline User Assignment Log

As part of the agreement of granting a customer offline license usage, the customer is required to regularly upload User Assignment log files.   This essentially replicates the user assignment data which is sent to Qlik in a manual process.  

 

Applicable Products:

Qlik Sense Enterprise on Windows 
QlikView 
Licensed with a long term offline license. 

 

⚠️ FYI: All information regarding user subject (user information) is hashed using SHA256 to prevent Qlik from accessing the original data.  (The information is encrypted both in transit and at rest).  ⚠️

 

Data transmitted in the log files: 

 

User Assignment Log File Content

Data Stored In Logs

Data Element

Comment

Sample Data

Signed License Key

 

See above

Allotment name 

Professional / Analyzer

“professional”

Subject

Domain / User ID;
if this an add or delete transaction. By delete the subject will be removed immediately. An internal id will be used to secure sync to other deployments using the same Signed License Key. The internal id will disappear within 60 days after a delete transaction.
(This information is stored for all assigned users until such a time that the assignment is deleted at which point it is deleted. The information is used for synchronizing assignments across deployments in order to facilitate the single-license-multi-deployment scenario. It is encrypted in transit and at rest.)

“acme\bob” user name included in hashed form in the log files and will show as something like:

a24a2f2b67c5e051bcb6cd2d7a9f7ebe

User agent

Build by the License service version (operating system) and Product (e.g. QSEfW, QCS, QSEfE, ADBI, Qlik Core, QV)

Licenses/1.6.4 (windows) QSEfW

Source

Hashed ID to make each deployment unique, e.g. a Qlik Sense Enterprise on Windows and a Qlik Sense Enterprise on Kubernetes will have different Source ID's

fbe89d02-6d24-4595-915e-c52ce76f2195
 

Sync metadata

Versioning information about the subjects and list of subjects to manage the synchronization process

{ "source": "my assignments",
    "bases": [{ "license": "1234 1234 1234 1234",
 "version": 0 }], "patches": [{
 "instance": "", "version": 0,
            "license": "1234 1234 1234 1234", "allotment": "analyzer", "subject": \\generated4, "created": "2019-04-18T10:01:35.024031Z" }
 

 

 

Related Content:

 

Labels (1)
Comments
paivanov
Partner
Partner

which type of hash are used when encrypted subject and source ?

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @paivanov - let me see if we can get that information 🙂

BMazurekDND
Contributor
Contributor
  1. What hashing algorithm is being used?
  2. When you say the information is "encrypted both in transit and rest", can you elaborate on what precisely "at rest" means in this case?
Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND - let me review your questions with our SMEs.

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND 

The algorithm used cannot be shared. But as for your second question:

At rest means the database is encrypted as well, meaning if a DB admin took a look at the db they would not be able to see the data.
BMazurekDND
Contributor
Contributor

For context, a significant portion of offline users are likely to be high security installations...think intelligence, military, diplomatic, law enforcement, etc.

When there are many secure cryptographic hashing functions available, you seem to be implying that Qlik chose to invent their own algorithm (which is a red flag to such clients).

What can you say to give these clients confidence that Qlik is treating their information securely? (Aside from "trust us" assurances...)

Sonja_Bauernfeind
Digital Support
Digital Support

Absolutely understood, @BMazurekDND.  Let me reach out to the responsible teams and get back to you.

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND - We updated the article with the hashing function being used (SHA256).

BMazurekDND
Contributor
Contributor

Thank you, Sonja.

Version history
Last update:
‎2021-11-25 06:40 AM
Updated by: