Parse-server: GDPR compliance

Created on 19 Feb 2019 · 10 Comments · Source: parse-community/parse-server

TL;DR: _This feature request describes data access and modification logging which is a legal requirement that presumably 99% of app providers using Parse Server / Parse Dashboard currently fail to meet._


Is your feature request related to a problem? Please describe.
Parse Server offers data access and manipulation via its Parse Dashboard. For the dashboard to be usable in a business (or even "hobby developer") environment, Parse Server needs to comply with GDPR if it handles data of "EU users"*.

The dashboard is the main (and only?) tool of Parse Server for quick and easy manual data view and manipulation. It would be beneficial for many users if the dashboard (in connection with parse server) complied with GDPR.

Describe the solution you'd like
A mechanism that logs:

  • User login
  • Data view
  • Data manipulation (entry / modification)
  • Schema manipulation
  • ACL manipulation
  • Push sending

The easiest way would probably be to add a logging mechanism to the Parse Dashboard alone, without any modification of Parse Server, if that's possible. It should store the logs in a separate file, so these log files can be easily dealt with according to the archiving requirements of GDPR (audit-proof, etc.).

Describe alternatives you've considered
Not making the dashboard GDPR compliant would render it legally unusable for the aforementioned data.
Alternatives:

  • Data manipulation directly in the DB; that shifts the GDPR compliance requirement to the DB interface.
  • Create a separate app with user management and logging, essentially replicating functions of the parse dashboard.

Additional context

  • GDPR compliance requires the logging of data access and data modification (among many other things) for data of EU residents (regardless of citizenship) and EU citizens (regardless of residency). GDPR has been enforceable since 25 May 2018.
feature up for grabs

All 10 comments

I assume that doing this at the data level (i.e. mongo logging) would not be adequate cause we don't have the user associated with the changes.

Adding to the dashboard seems reasonable to me. Would you be willing to open a PR to get it started?

Logging on DB level was just meant as alternative if someone decides to not use Parse Dashboard and wants to be GDPR compliant.

Without committing to a PR at this point, I would like to start a conceptual discussion about how / where to implement it. So we can estimate the effort and someone can pick it up.

Suggestion 1 - dashboard centric

  1. parse server is initialized with parameter for log file path; can be set as environment variable
  2. dashboard logs commands it sends to the server at a central point
  3. dashboard calls function in parse server to log command
  4. parse server writes log entry to a log file as set in the parse server

Suggestion 2 - server centric

We could leverage the client key and instruct parse server to log commands of selected clients. IIRC each parse client SDK has a client key property based on which the server could identify clients and determine whether to log the command.

var api = new ParseServer({
    log: {
        clients: [
            {
                key: "parseDashboard",
                logging: true
            },
            {
                key: "customAdminClient",
                logging: true
            }
        ]
    }
});

  • We can then log direct commands like a query.find(), but also calling a cloud function that executes multiple commands with useMasterKey where we would otherwise lose track of which client triggered the commands.
  • This way a custom-developed admin app that calls, for example, cloud functions could also be logged. So when a business has a moderation app and deletes a user account, that could be logged.
  • Because the logging would all happen server side it would be consolidated for easier audit.

I prefer suggestion 2.

Even for apps that don’t require GDPR I think this is an awesome idea. I don’t have a ton of time to help with a PR but would love to weigh in on the conceptual. I would much rather see the “server centric” solution than the Parse Dashboard one as well. “In theory” those with dashboard access could potentially retrieve the master key and circumvent the dashboard logging altogether. Whereas, when it’s baked into Parse Server, there isn’t any way around the logging.
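A sketch of the server-centric idea from Suggestion 2 and the comment above, added here as an illustration and not taken from Parse Server or from anyone in the thread: commands are logged per client key, and each entry is hash-chained to the previous one so that later edits to the log can be detected. The `clients` shape follows the proposal; `AuditLog`, `entryHash`, `verifyChain` and the sample commands are hypothetical.

```javascript
// Added example, not Parse Server code. The `clients` shape follows the
// proposal in the thread; all other names here are hypothetical.
const crypto = require('crypto');

const GENESIS = '0'.repeat(64);

// Hash of one entry: SHA-256 over the previous entry's hash plus this record.
function entryHash(prevHash, record) {
  return crypto.createHash('sha256')
    .update(prevHash).update(JSON.stringify(record)).digest('hex');
}

class AuditLog {
  constructor(clients) {
    // Only clients flagged with logging: true are audited.
    this.audited = new Set(clients.filter(c => c.logging).map(c => c.key));
    this.lines = []; // stands in for an append-only file, one JSON line per entry
  }

  // Record one command; returns the entry, or null if the client is not audited.
  record(clientKey, user, action, target, time = new Date().toISOString()) {
    if (!this.audited.has(clientKey)) return null;
    const last = this.lines[this.lines.length - 1];
    const prev = last ? JSON.parse(last).hash : GENESIS;
    const rec = { time, clientKey, user, action, target };
    const entry = { ...rec, hash: entryHash(prev, rec) };
    this.lines.push(JSON.stringify(entry));
    return entry;
  }
}

// Re-walk the chain; returns the index of the first bad line, or -1 if intact.
function verifyChain(lines) {
  let prev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    const { hash, ...rec } = JSON.parse(lines[i]);
    if (entryHash(prev, rec) !== hash) return i;
    prev = hash;
  }
  return -1;
}

// Constructed sample: the dashboard is audited, the mobile app is not.
const log = new AuditLog([
  { key: 'parseDashboard', logging: true },
  { key: 'mobileApp', logging: false },
]);
log.record('parseDashboard', 'admin1', 'find', '_User');
log.record('mobileApp', 'u42', 'find', 'Post');
log.record('parseDashboard', 'admin1', 'delete', '_User/abc123');
console.log(verifyChain(log.lines)); // -1 means the chain is intact
```

A chain like this exposes edited or removed lines in the middle of the log; detecting truncation of the tail needs the latest hash stored somewhere the log writer cannot change.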

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

don't close, open issue

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

don't close, still relevant

It won’t be closed now I’ve added the ‘help wanted’ label 🙂

Stumbled across Parse Auditor, which addresses this issue. Not sure yet whether it is fully GDPR compliant.

https://github.com/Blackburn-Labs/parse-auditor
