
Clarity logs contain PII data: e-mail ID is written to the logs

Article ID: 236963

Updated On:

Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

Clarity logs have PII data (e-mail ID) logged in the logs and in Splunk.

There are multiple instances where the username (which is an e-mail address) is printed in plain text in Clarity logs. Logging plaintext PII is not a best practice, as it is sensitive data. Hashing, or using a separate identifier that cannot be immediately tied back to a person, would be needed as a way to parse through the logs.

Environment

Release: Any

Resolution

  • This is considered to be by design. The Clarity username will be present in the logs in order to ensure Support is able to efficiently troubleshoot the issue.
  • The Clarity username does not have to be a PII attribute / email address. This is completely avoidable by reconfiguring how you log in to Clarity.
  • To prevent this, modify your setup to use a username that is a user ID identifier rather than a direct email address. For example, in SSO you would set up a username for login and match the same in Clarity; typically it would be letters and/or numbers using parts of the user's name.
  • It can also be randomly generated in some part. For example, in Clarity setup and Okta the username will not be the email address, but kh845212 or ksm02 etc.
  • It is possible to make the change and reconfigure your system to use an identifier rather than an email address if username is something you use in Clarity/your SSO provider.
  • Then the information in logs would look like this (example error):
    ERROR 2022-03-11 02:59:06,123 [http-nio-1601-exec-10] view.ViewL10nSAXHandler (clarity: kh845212:5199040__4C2896A0-C4D4-4AD3-9B8F-524A2F3AEDFD:odf.filterStateChange) Could not locate vxsl file '' in component odf
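
To check existing logs for e-mail-shaped usernames and replace them with a keyed hash before the lines are forwarded (for example to Splunk), a filter along the following lines can be used. This is an added example, not Broadcom or Clarity code. It assumes the `(clarity: <username>:<session>:<action>)` layout inferred from the single sample line above; the function names, the second sample line and the key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Context field layout "(clarity: <username>:<session>:<action>)" is an assumption
# inferred from the one sample log line in this article.
CONTEXT_RE = re.compile(r"\(clarity: (?P<user>[^:()\s]+):(?P<rest>[^()]*)\)")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def pseudonym(username, key):
    """Keyed hash: stable for correlation, not recomputable from a guessed e-mail without the key."""
    digest = hmac.new(key, username.lower().encode("utf-8"), hashlib.sha256)
    return "u_" + digest.hexdigest()[:16]

def scrub_line(line, key):
    """Return (line, changed). Only e-mail-shaped usernames in the context field are replaced."""
    changed = False
    def _sub(m):
        nonlocal changed
        user = m.group("user")
        if not EMAIL_RE.match(user):
            return m.group(0)  # opaque IDs such as kh845212 pass through untouched
        changed = True
        return f"(clarity: {pseudonym(user, key)}:{m.group('rest')})"
    return CONTEXT_RE.sub(_sub, line), changed

def audit(lines, key):
    """Scrub all lines; return (scrubbed_lines, 1-based numbers of lines that held an e-mail username)."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        new, changed = scrub_line(line, key)
        out.append(new)
        if changed:
            hits.append(n)
    return out, hits

# Constructed sample: line 1 is the article's example, line 2 is a made-up variant with an e-mail username.
SAMPLE = [
    "ERROR 2022-03-11 02:59:06,123 [http-nio-1601-exec-10] view.ViewL10nSAXHandler (clarity: kh845212:5199040__4C2896A0-C4D4-4AD3-9B8F-524A2F3AEDFD:odf.filterStateChange) Could not locate vxsl file '' in component odf",
    "ERROR 2022-03-11 02:59:07,456 [http-nio-1601-exec-11] view.ViewL10nSAXHandler (clarity: jane.doe@example.com:5199041__00000000-0000-0000-0000-000000000000:odf.filterStateChange) Could not locate vxsl file '' in component odf",
]
DEMO_KEY = b"constructed-demo-key"  # placeholder; a real key would come from a secret store

if __name__ == "__main__":
    scrubbed, hits = audit(SAMPLE, DEMO_KEY)
    print("lines with e-mail usernames:", hits)
    print("\n".join(scrubbed))
```

The filter only covers the username position in the context field; an e-mail address that appears elsewhere in a message body is not touched. After the username scheme has been reconfigured as described above, an empty hit list from `audit` confirms that new log lines no longer carry e-mail usernames.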