Adabas on Linux and Windows stores the following personal data in log and audit files:
Hostname of the machine
User Identification (Local system credentials)
Therefore, so that your applications can be GDPR compliant, it is important for the Adabas administrator to be aware of the following files where personal data may be stored.
Adabas Role-based Security
Adabas Audit Trail
Adabas Command Log
Adabas Log file
It is the responsibility of the database administrator to configure and delete files containing personal data. Adabas does not provide functionality to automatically delete personal data.
To ensure that personal data is not stored, the following is recommended:
Disable logging features (when possible)
Define a schedule and procedure to delete log files
The location and configuration of the database features storing personal data are described below.
When the Adabas Role-based Security feature is enabled, the following personal data is stored in the RBAC system file as a security definition:
User Identification
This information is required and is used to determine the access privileges of a user.
Use the utility ADARBA to manage the security definitions.
When the Adabas audit trail feature is enabled, the following personal data is logged:
User Identification
Hostname of the Adabas client
Process Identification
Timestamp of Access Request
ET data
Name of the access operation and the object of the operation
The location and configuration of the audit trail is feature-specific, for further information:
Authentication and Authorization for the Adabas Direct Call
Interface
Please refer to Configuration in the
section Adabas Role-Based Security (ADARBA).
Authorization for the Adabas Utilities
Please refer to the section
Location
of Configuration and Logging Files under
Configuration of Adabas Role-Based Security in the
Adabas Extended Operations documentation.
The Audit Trail for Authorization for the Adabas Direct Call Interface is automatically enabled with the feature and cannot be disabled.
When the Adabas Command Log feature is enabled, the following personal data is logged:
User Identification
Hostname of the Adabas client
Process Identification
Timestamp
Adabas Command
When enabled, a command log file is created in the database
directory. The file is identified by the value of the environment variable
NUCCLG
. The file can have multiple extends.
The Adabas Command Log feature can be enabled or disabled via the
LOGGING
control parameter of either utility:
ADANUC
ADAOPR
Please refer to either the
ADANUC or
ADAOPR section
of the Adabas Utilities, for further information on the
LOGGING
control parameter.
When the Adabas log feature is enabled, the following personal data is logged:
User Identification
Process Identification
Timestamp
Name of the Adabas Utility with the requested function
The configuration file ADABAS.INI contains the location and configuration of the Adabas log file.
By default, the file name is $ADADATADIR\etc\ADABAS.LOG. The logging functionality is configured using the topic NODE_PARAMETER and its subtopics:
Subtopic | Description |
---|---|
ANALYSER | Enable the Adabas Extended Operations (AEO) feature |
LOGGING | The Adabas log file is configured with
the items:
|
ARCHIVE_LOGFILE | Enables the archiving of the Adabas log file |
ALERT | The Adabas log file entry can be
processed by an alert routine. This is enabled and configured with the items:
|
Please refer to the section ADABAS.INI under Configuration Files in the Adabas Extended Operations documentation, for further information on the location and configuration of the Adabas log file.