Accessing a user's search history
up vote
4
down vote
favorite
It seems as though one of the members of my organization has used their access to our contact information in a way that they shouldn't have. I've been tasked with proving that they searched for, and accessed the email addresses of contacts and then copied or exported this information.
Is it possible to find a record of "who searched what" in drupal CiviCRM? I am open to either using the interface or mysql backend directly.
search
asked Dec 5 at 15:44
namgo
333
add a comment |
up vote
4
down vote
favorite
It seems as though one of the members of my organization has used their access to our contact information in a way that they shouldn't have. I've been tasked with proving that they searched for, and accessed the email addresses of contacts and then copied or exported this information.
Is it possible to find a record of "who searched what" in drupal CiviCRM? I am open to either using the interface or mysql backend directly.
search
asked Dec 5 at 15:44
namgo
333
add a comment |
up vote
4
down vote
favorite
up vote
4
down vote
favorite
It seems as though one of the members of my organization has used their access to our contact information in a way that they shouldn't have. I've been tasked with proving that they searched for, and accessed the email addresses of contacts and then copied or exported this information.
Is it possible to find a record of "who searched what" in drupal CiviCRM? I am open to either using the interface or mysql backend directly.
search
asked Dec 5 at 15:44
namgo
333
It seems as though one of the members of my organization has used their access to our contact information in a way that they shouldn't have. I've been tasked with proving that they searched for, and accessed the email addresses of contacts and then copied or exported this information.
Is it possible to find a record of "who searched what" in drupal CiviCRM? I am open to either using the interface or mysql backend directly.
search
search
asked Dec 5 at 15:44
namgo
333
asked Dec 5 at 15:44
namgo
333
asked Dec 5 at 15:44
namgo
333
asked Dec 5 at 15:44
namgo
333
asked Dec 5 at 15:44
namgo
333
333
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
5
down vote
accepted
CiviCRM does not store information of who accessed what, for better and worse.
If you have the advanced logging turned on, you can see changes users made. The CMS may have a record of when they last accessed the site, if that's helpful. There's also an extension that adds a permission to restrict exports. While any of those might be helpful, none are what you're looking for, because it doesn't exist - sorry!
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
add a comment |
up vote
2
down vote
While there isn't a way to do it using native Civicrm - you might be able to get close using webserver logs - depends on how your server is set up and if they are still available for the time period concerned, and if the person was accessing the site from a location that no other users were, or will be identifiable by their user agent in combination with IP address. If they are using the same browser as everyone else and have done this on site then this solution isn't going to work.
Assuming your webserver logs ip address and uri (including parameters), and that the person accessing it is going to be identifiable via a unique IP address, or user agent or combination.
If it is recent you could use check the drupal watchdog table to look for ip addresses associated with the user. Then depending on what information is in your webserver you could use that to identify which requests have been made by that user.
If your webserver logs contain the full uri - including url parameters - then you should be able to filter down on pages at /civicrm/ (Assumming there is no ability to view/export contacts via drupal views). Specific types of pages in civi have the same base uri - with different parameters for different records. Run the steps you are looking for then look in the log to identify what shows.
answered Dec 5 at 20:04
Luke Stewart
37812
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
accepted
CiviCRM does not store information of who accessed what, for better and worse.
If you have the advanced logging turned on, you can see changes users made. The CMS may have a record of when they last accessed the site, if that's helpful. There's also an extension that adds a permission to restrict exports. While any of those might be helpful, none are what you're looking for, because it doesn't exist - sorry!
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
add a comment |
up vote
5
down vote
accepted
CiviCRM does not store information of who accessed what, for better and worse.
If you have the advanced logging turned on, you can see changes users made. The CMS may have a record of when they last accessed the site, if that's helpful. There's also an extension that adds a permission to restrict exports. While any of those might be helpful, none are what you're looking for, because it doesn't exist - sorry!
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
add a comment |
up vote
5
down vote
accepted
up vote
5
down vote
accepted
CiviCRM does not store information of who accessed what, for better and worse.
If you have the advanced logging turned on, you can see changes users made. The CMS may have a record of when they last accessed the site, if that's helpful. There's also an extension that adds a permission to restrict exports. While any of those might be helpful, none are what you're looking for, because it doesn't exist - sorry!
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
CiviCRM does not store information of who accessed what, for better and worse.
If you have the advanced logging turned on, you can see changes users made. The CMS may have a record of when they last accessed the site, if that's helpful. There's also an extension that adds a permission to restrict exports. While any of those might be helpful, none are what you're looking for, because it doesn't exist - sorry!
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
answered Dec 5 at 16:38
Jon G - Megaphone Tech
25.2k11767
25.2k11767
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
add a comment |
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Should I make another post for who viewed what, in place of who searched for what, or would you be able to answer this in the comments?
– namgo
Dec 5 at 17:09
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
Per Jon's comment, Civi does not have the capacity to store data about who viewed what in the database.
– Lesley Carter - BackOffice
Dec 5 at 18:38
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
It should be possible to implement this as a feature in an extension - definitely for exports saving the user, timestamp + query and/or list of contact ids exported + and number of rows would be a great start. Having a copy of the file on hand might require too much space - and additional issues when you think about GDPR compliance etc.
– Luke Stewart
Dec 5 at 22:07
add a comment |
up vote
2
down vote
While there isn't a way to do it using native Civicrm - you might be able to get close using webserver logs - depends on how your server is set up and if they are still available for the time period concerned, and if the person was accessing the site from a location that no other users were, or will be identifiable by their user agent in combination with IP address. If they are using the same browser as everyone else and have done this on site then this solution isn't going to work.
Assuming your webserver logs ip address and uri (including parameters), and that the person accessing it is going to be identifiable via a unique IP address, or user agent or combination.
If it is recent you could use check the drupal watchdog table to look for ip addresses associated with the user. Then depending on what information is in your webserver you could use that to identify which requests have been made by that user.
If your webserver logs contain the full uri - including url parameters - then you should be able to filter down on pages at /civicrm/ (Assumming there is no ability to view/export contacts via drupal views). Specific types of pages in civi have the same base uri - with different parameters for different records. Run the steps you are looking for then look in the log to identify what shows.
answered Dec 5 at 20:04
Luke Stewart
37812
add a comment |
up vote
2
down vote
While there isn't a way to do it using native Civicrm - you might be able to get close using webserver logs - depends on how your server is set up and if they are still available for the time period concerned, and if the person was accessing the site from a location that no other users were, or will be identifiable by their user agent in combination with IP address. If they are using the same browser as everyone else and have done this on site then this solution isn't going to work.
Assuming your webserver logs ip address and uri (including parameters), and that the person accessing it is going to be identifiable via a unique IP address, or user agent or combination.
If it is recent you could use check the drupal watchdog table to look for ip addresses associated with the user. Then depending on what information is in your webserver you could use that to identify which requests have been made by that user.
If your webserver logs contain the full uri - including url parameters - then you should be able to filter down on pages at /civicrm/ (Assumming there is no ability to view/export contacts via drupal views). Specific types of pages in civi have the same base uri - with different parameters for different records. Run the steps you are looking for then look in the log to identify what shows.
answered Dec 5 at 20:04
Luke Stewart
37812
add a comment |
up vote
2
down vote
up vote
2
down vote
While there isn't a way to do it using native Civicrm - you might be able to get close using webserver logs - depends on how your server is set up and if they are still available for the time period concerned, and if the person was accessing the site from a location that no other users were, or will be identifiable by their user agent in combination with IP address. If they are using the same browser as everyone else and have done this on site then this solution isn't going to work.
Assuming your webserver logs ip address and uri (including parameters), and that the person accessing it is going to be identifiable via a unique IP address, or user agent or combination.
If it is recent you could use check the drupal watchdog table to look for ip addresses associated with the user. Then depending on what information is in your webserver you could use that to identify which requests have been made by that user.
If your webserver logs contain the full uri - including url parameters - then you should be able to filter down on pages at /civicrm/ (Assumming there is no ability to view/export contacts via drupal views). Specific types of pages in civi have the same base uri - with different parameters for different records. Run the steps you are looking for then look in the log to identify what shows.
answered Dec 5 at 20:04
Luke Stewart
37812
While there isn't a way to do it using native Civicrm - you might be able to get close using webserver logs - depends on how your server is set up and if they are still available for the time period concerned, and if the person was accessing the site from a location that no other users were, or will be identifiable by their user agent in combination with IP address. If they are using the same browser as everyone else and have done this on site then this solution isn't going to work.
Assuming your webserver logs ip address and uri (including parameters), and that the person accessing it is going to be identifiable via a unique IP address, or user agent or combination.
If it is recent you could use check the drupal watchdog table to look for ip addresses associated with the user. Then depending on what information is in your webserver you could use that to identify which requests have been made by that user.
If your webserver logs contain the full uri - including url parameters - then you should be able to filter down on pages at /civicrm/ (Assumming there is no ability to view/export contacts via drupal views). Specific types of pages in civi have the same base uri - with different parameters for different records. Run the steps you are looking for then look in the log to identify what shows.
answered Dec 5 at 20:04
Luke Stewart
37812
answered Dec 5 at 20:04
Luke Stewart
37812
answered Dec 5 at 20:04
Luke Stewart
37812
answered Dec 5 at 20:04
Luke Stewart
37812
37812
add a comment |
add a comment |
Thanks for contributing an answer to CiviCRM Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcivicrm.stackexchange.com%2fquestions%2f27592%2faccessing-a-users-search-history%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
