mostal75
Contributor III

GDPR

Hello

Do you have any idea how to list selections made by users in Qlik Sense documents (app name, object name, fields selected, field values) and report them for a GDPR audit?

The information is stored in the Engine_Traffic log files, but I don't know how to easily parse these files.

Do you have any idea, please?

Regards

Regis

 

1 Solution

Accepted Solutions
Levi_Turner
Employee

Hey @mostal75,

In terms of auditing selections made by users, the following is possible:

In this example screenshot from the log opened in Excel (for easy formatting), we can see:

  • We can see that user QTSEL\LTU opened an app with a specified GUID
  • Inside of that app the user had this sequence:
    • Selecting the QTSEL\ltu value in the UserId field
    • Clearing values
    • Selecting the INTERNAL\sa_scheduler value in the UserId field
    • Clearing values
    • Selecting the foo value in the Session App Name field

If this fits with your use case, then you can set it by:

  • Stop the Qlik Sense Engine and Qlik Sense Service Dispatcher services on all nodes with engines.
  • For each of the nodes: open Notepad as Administrator
  • Open the Settings.ini file (by default located at C:\ProgramData\Qlik\Sense\Engine\Settings.ini)
  • Modify the file to fit this schema:
    • [Settings 7]
      Key=Value

    • Note the blank line at the end of the file
  • Save the file
  • After these changes have been made on all nodes, start the Qlik Sense Engine and Qlik Sense Service Dispatcher services on each node.
  • Ensure that the Audit log level for the Engine is set to at least INFO
    • QMC > Engines > Edit > Logging

For this use case, the key values will be:

  • AuditLogAllSelection=1
  • AuditLogMessageLimit=10000

Hope that helps.

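The Settings.ini edit from the accepted answer, written as a repeatable text merge with a per-node check of which audit keys are still missing. This is an added example, not code from the original post or from Qlik; the function names, the sample key `SomeOtherKey` and the case-insensitive header match are assumptions, and the services still have to be stopped and started as the answer describes.

```python
SECTION = "[Settings 7]"
# Key values given in the accepted answer.
AUDIT_KEYS = {"AuditLogAllSelection": "1", "AuditLogMessageLimit": "10000"}


def _section_span(lines):
    """Return (header_index, end_index) of [Settings 7], or None if absent."""
    for i, line in enumerate(lines):
        # Assumption: match the header case-insensitively, ignoring whitespace.
        if line.strip().lower() == SECTION.lower():
            for j in range(i + 1, len(lines)):
                if lines[j].lstrip().startswith("["):
                    return i, j
            return i, len(lines)
    return None


def apply_audit_keys(ini_text):
    """Return Settings.ini text with the audit keys set under [Settings 7]."""
    lines = ini_text.splitlines()
    span = _section_span(lines)
    if span is None:  # no section yet: append one after the existing content
        while lines and not lines[-1].strip():
            lines.pop()
        lines += ([""] if lines else []) + [SECTION]
        span = (len(lines) - 1, len(lines))
    start, end = span
    wanted = {k.lower() for k in AUDIT_KEYS}
    # Keep other keys; drop blank lines and stale or duplicate audit keys.
    body = [l for l in lines[start + 1:end]
            if l.strip() and l.split("=", 1)[0].strip().lower() not in wanted]
    body += [f"{k}={v}" for k, v in AUDIT_KEYS.items()]
    tail = lines[end:]
    while tail and not tail[-1].strip():
        tail.pop()
    out = lines[:start + 1] + body + ([""] + tail if tail else [])
    return "\n".join(out) + "\n\n"  # blank line at the end of the file


def audit_keys_missing(ini_text):
    """Return the audit keys that are absent or have a different value."""
    lines = ini_text.splitlines()
    span = _section_span(lines)
    section = lines[span[0] + 1:span[1]] if span else []
    found = {k.strip().lower(): v.strip()
             for k, sep, v in (l.partition("=") for l in section) if sep}
    return [k for k, v in AUDIT_KEYS.items() if found.get(k.lower()) != v]
```

Read each node's Settings.ini, write back the result of `apply_audit_keys`, and treat an empty list from `audit_keys_missing` as the pass condition for that node.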

3 Replies

mostal75
Contributor III
Author

Thanks a lot
vegard_bakke
Partner - Creator III

Old post, but still relevant regarding GDPR audit.

The problem with logging selections, and not logging the data that has been transferred, is that when you open an app, a user normally can see "all data", as no selections have been applied yet.

Qlik is not logging what the user looks up. Only attempts to filter the data.


And Qlik (as far as I can see) does not log which sheet the user is opening. So we have no way of deducing what the user might have seen, having no filters set.


One workaround may be to set an initial selection filter, that blocks most data from being loaded to the client. This can be a static selection, or at best based on the user name.
Unfortunately I know of no way to set an initial filter based on a user's AD groups, or SAML attributes such as departments, roles etc.   (One day, maybe.)