Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW

Offline User Assignment Log

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Offline User Assignment Log

Last Update:

Nov 6, 2023 5:44:18 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jul 9, 2020 5:44:39 AM

As part of the agreement of granting a customer offline license usage, the customer is required to regularly upload User Assignment log files.   This essentially replicates the user assignment data which is sent to Qlik in a manual process.  

 

Applicable Products:

Qlik Sense Enterprise on Windows 
QlikView 
Licensed with a long term offline license. 

 

⚠️ FYI: All information regarding user subject (user information) is hashed using SHA256 to prevent Qlik from accessing the original data.  (The information is encrypted both in transit and at rest).  ⚠️

 

Data transmitted in the log files: 

User Assignment Log File Content

Data Stored In Logs

Data Element

Comment

Sample Data

Signed License Key

 

See above

Allotment name 

Professional / Analyzer

“professional”

Subject

Domain / User ID;
if this an add or delete transaction. By delete the subject will be removed immediately. An internal id will be used to secure sync to other deployments using the same Signed License Key. The internal id will disappear within 60 days after a delete transaction.
(This information is stored for all assigned users until such a time that the assignment is deleted at which point it is deleted. The information is used for synchronizing assignments across deployments in order to facilitate the single-license-multi-deployment scenario. It is encrypted in transit and at rest.)

“acme\bob” user name included in hashed form in the log files and will show as something like:

a24a2f2b67c5e051bcb6cd2d7a9f7ebe

User agent

Build by the License service version (operating system) and Product (e.g. QSEfW, QCS, QSEfE, ADBI, Qlik Core, QV)

Licenses/1.6.4 (windows) QSEfW

Source

Hashed ID to make each deployment unique, e.g. a Qlik Sense Enterprise on Windows and a Qlik Sense Enterprise on Kubernetes will have different Source ID's

fbe89d02-6d24-4595-915e-c52ce76f2195
 

Sync metadata

Versioning information about the subjects and list of subjects to manage the synchronization process.

To review the information, copy the message content of the log and decode it using a base64 decoder.

{ "source": "my assignments",
    "bases": [{ "license": "1234 1234 1234 1234",
 "version": 0 }], "patches": [{
 "instance": "", "version": 0,
            "license": "1234 1234 1234 1234", "allotment": "analyzer", "subject": \\generated4, "created": "2019-04-18T10:01:35.024031Z" }
 

 

 

Related Content:

 

Labels (1)
Comments
paivanov
Partner - Contributor II
Partner - Contributor II

which type of hash are used when encrypted subject and source ?

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @paivanov - let me see if we can get that information 🙂

BMazurekDND
Contributor
Contributor
  1. What hashing algorithm is being used?
  2. When you say the information is "encrypted both in transit and rest", can you elaborate on what precisely "at rest" means in this case?
Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND - let me review your questions with our SMEs.

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND 

The algorithm used cannot be shared. But as for your second question:

At rest means the database is encrypted as well, meaning if a DB admin took a look at the db they would not be able to see the data.
BMazurekDND
Contributor
Contributor

For context, a significant portion of offline users are likely to be high security installations...think intelligence, military, diplomatic, law enforcement, etc.

When there are many secure cryptographic hashing functions available, you seem to be implying that Qlik chose to invent their own algorithm (which is a red flag to such clients).

What can you say to give these clients confidence that Qlik is treating their information securely? (Aside from "trust us" assurances...)

Sonja_Bauernfeind
Digital Support
Digital Support

Absolutely understood, @BMazurekDND.  Let me reach out to the responsible teams and get back to you.

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BMazurekDND - We updated the article with the hashing function being used (SHA256).

BMazurekDND
Contributor
Contributor

Thank you, Sonja.

sis
Partner - Specialist
Partner - Specialist

@Sonja_Bauernfeind 

1. Does the Data Element "Sync metadata" contain sensitive information other than the user ID?

 

2. Will the contents of the Data Element "Sync metadata" be encrypted in the same way as the Data Element "Signed License Key" and "Subject"?

It seems to me that the "license" and "subject" values in Sample Data are not encrypted.

Contributors
Version history
Last update:
‎2023-11-06 05:44 AM
Updated by: