Differences

This shows you the differences between two versions of the page.

--- support:user_logging [2022/05/11 13:59] – [User Authentication (Auth0)] dpatenaude
+++ support:user_logging [2022/05/24 19:20] (current) – [p.d] dpatenaude
@@ Line 1: / Line 1: @@
 ====== User Logging ======
+This page serves as a high level reference guide to what .decimal logs for user interactions with our software. There are 3 different sections detailed here for the use cases of user logging:
+  - **[[support:user_logging#user_authentication_auth0|User Authentication for Auth0]]:** .decimal uses [[https://auth0.com/|Auth0]] as its user authentication service. As such Auht0 maintains the user login logs for every user.
+  - **[[support:user_logging#customer_applications|Customer Applications]]:** Customer Applications include .decimal developed applications used by end clinical users that are downloaded and installed on the customer's local computers.
+  - **[[support:user_logging#decimal_direct|decimal Direct]]:** Users will interact with the decimal Direct website to perform certain tasks. These interactions are logged for each user. In addition, Customer Applications connect to decimal Direct and some actions of the application may be logged.
 ===== User Authentication (Auth0) =====
-.decimal uses [[https://auth0.com/|Auth0]] as it's user authentication service. Auth0 provides users logs including:
+<WRAP center round info 60%>
+**Note: This section is applicable to Auth0 user logins only.**
+Auth0 user logins use the user's email as the user name. If your username is not an email you have a legacy login and this section is not applicable.
+</WRAP>
+.decimal uses [[https://auth0.com/|Auth0]] as its user authentication service. Auth0 logs user actions including:
   * Successful & Failed Logins
   * Successful Logouts
   * Blocked Account (after too many login attempts)
+Note: These logs are not directly accessible by end users, but may be provided by .decimal staff upon request.
 See below for example logs for common Auth0 events:
@@ Line 14: / Line 28: @@
     "date": "2022-05-11T12:13:02.783Z",
     "type": "Success Exchange",
-    "description": "",
-    "connection_id": "",
     "client_id": "<REDACTED>",
     "client_name": "decimal Launcher",
     "ip": "<REDACTED>",
     "user_agent": "Electron 5.0.13 / Windows 10.0.0",
-    "details":
-    {
-        "code": "<REDACTED>"
-    },
     "hostname": "dotdecimal.us.auth0.com",
     "user_id": "<REDACTED>",
     "user_name": "<REDACTED>",
-    "log_id": "<REDACTED>",
-    "_id": "<REDACTED>",
     "isMobile": false,
-    "type_code": "seacft",
-    "os": "Windows 0.0.0",
-    "os_version": "0.0.0",
-    "device": "Other 0.0.0",
-    "device_version": "0.0.0"
 }
 </code>
@@ Line 41: / Line 42: @@
 {
     "date": "2022-05-11T13:24:10.066Z",
-    "type": "fp",
     "description": "Wrong email or password.",
     "connection": "decimal",
-    "connection_id": "<REDACTED>",
-    "client_id": "<REDACTED>",
     "client_name": "decimal Launcher",
     "ip": "<REDACTED>",
@@ Line 56: / Line 54: @@
     "user_id": "<REDACTED>",
     "user_name": "<REDACTED>",
-    "strategy": "auth0",
-    "strategy_type": "database",
-    "log_id": "<REDACTED>",
-    "_id": "<REDACTED>",
     "isMobile": false
 }
@@ Line 68: / Line 62: @@
 {
     "date": "2022-05-11T13:54:35.190Z",
-    "type": "limit_wc",
     "description": "User (<REDACTED>) attempted 10 consecutive logins unsuccessfully. Brute force protection is enabled for this connection, further attempts are blocked from this IP address for this user.",
     "connection": "decimal",
     "connection_id": "<REDACTED>",
     "client_id": "<REDACTED>",
-    "ip": "68.202.104.120",
+    "ip": "<REDACTED>",
     "user_agent": "Electron 5.0.13 / Windows 10.0.0",
     "hostname": "dotdecimal.us.auth0.com",
     "user_id": "",
     "user_name": "<REDACTED>",
-    "log_id": "<REDACTED>",
-    "_id": "<REDACTED>",
     "isMobile": false
 }
 </code>
-----
+-----------------------------------------------------------------
 ===== Customer Applications =====
@@ Line 92: / Line 83: @@
 ==== p.d ====
+p.d logs the local user activity and records the following information to its local application database:
+^ Log Item ^ Description ^
+| username | The username/email of the user performing the action |
+| patientName | An encrypted string  for the patient the log entry applies to |
+| medicalRecordNumber | An encrypted string for the patient's MRN the log entry applies to |
+| uniquePlanName | An encrypted string for the plan the log entry applies to |
+| planName | An encrypted string for the plan the log entry applies to |
+| logDate | The local date time of the log entry |
+| logEvent | The event that the log entry is for. logEvents include, but are not limited to: \\ -User log in \\ -User log out \\ -Plan Open \\ -Plan Save \\ -Plan Close \\ -Order placed to decimal Direct \\ -Local and DICOM AE file export (e.g.: DICOM) \\ -Patient deletion |
+  * If on p.d 5.4.5 or later these logs may be exported from the About menu within p.d to the designated Data folder in the p.d settings. A new Logs folder will be created that contain the unencrypted user logs.
+  * Otherwise these logs may be exported to a local text file only by a .decimal administrator. For assistance exporting the logs please contact .decimal support.
+==== decimal3D ====
-----
+[[decimal3d:decimal3d|decimal3D]] logs the local user activity and records the following information to its local application database. This information is exportable from the Advanced menu option within the application.
+^ Log Item ^ Description ^
+| User ID | The username/email of the user performing the action |
+| Action  | The action the user performed (see below for an itemized list) |
+| Date/Time | The local date time the action was performed. Actions include, but are not limited to: \\ -User log in attempts\\ -User log in success/fail\\ -User log out\\ -View patients list\\ -View patient info (including patient MRN)\\ -Create new scans/contours\\ -Orders placed to decimal Direct (including beam name)\\ -Local and AE file exports (e.g.: DICOM)\\ -Patient deletion |
+==== decimal eRT ====
+[[electronrt:electronrt|decimal eRT]] logs the local user activity and records the following information to its local patient database. This information is exportable from the Organization Configuration -> Export Logs block within the application.
+^ Log Item ^ Description ^
+| Hardware ID | Local Windows computer name |
+| ID | The ID of the corresponding Data Type of the log entry |
+| Date | The date time of the log entry |
+| Log Event | The event that was logged. Log Event's include, but are not limited to: \\ -Import Patients\\ -View Patients\\ -Open Patients\\ -Import Courses\\ -Update Course\\ -Create Plans\\ -Update Plans\\ -Clone Plans\\ -Open Plans\\ -Update Organization\\ -Export DICOM files locally\\ -Export DICOM files to AE service\\ -Approve Plans\\ -Order files to decimal Direct\\ -Export Reports|
+| Data Type | What data caused to the log entry. Data Type's include, but are not limited to: \\ -Application (root level interactions without a specific data to link to)\\ -Organization\\ -Patient\\ -Course\\ -Plan\\ -Export\\ -Order |
+| Username | The users first and last name that caused the log entry |
+-----------------------------------------------------------------
 ===== decimal Direct =====
-==== HTTPS API Logs ====
+Users will interact with the decimal Direct website to perform certain tasks. For each logged interaction in Direct the following is recorded:
+^ Log Item ^ Description ^
+| UserID   | Internal .decimal user ID that links to a user |
+| Log Route | The API route (i.e.: action taken) for the log |
+| Parameters | The parameters of the action |
+| TimeStamp | The data time (as Eastern Time) of the action |
+See below for the outline of what user interactions are recorded.
+==== Normal User Interactions ====
+A normal user interaction includes any non-elevated user tasks that are performed. Normal user interactions that are logged include:
+^ Log Category ^ Log Event ^
+| Login (legacy non-Auth0 users only) | Login attempt |
+| ::: | Login success/fail |
+| Ordering | Order File Upload |
+| ::: | Order Placed |
+| User Preferences | Email Notifications Changed |
+| ::: | Password changed (legacy non-Auth0 users only) |
+==== Manager Interactions ====
+A manager user interaction includes any elevated user tasks that are performed by the site manager within the Management pages. Manager user interactions that are logged include:
+^ Log Event ^ Captured Data ^
+| Site Management | Site Info (address) Update |
+| Application Management | Version Change |
+| User Management | User Add |
+| ::: | User Remove |
+| ::: | User Info Edit |
+| ::: | User Permissions Edit |
+==== Application Integrations ====
+Other .decimal applications that connect to decimal Direct and .decimal logs some integration connections for diagnostic trouble shooting. These interactions include and capture:
+^ Log Event ^ Captured Data ^
+| Application Login | User |
+| ::: | Date Time |
+| ::: | Site ID |
+| ::: | Application |
+| Website Legacy User Login | User |
+| ::: | Date Time |
+| Website Auth0 User Login | User |
+| ::: | Date Time |