Troubleshooting

The GDPR add-on is quite big, and lot's of thing can go wrong. There are some typical things to check before going through the Q/As below:

• Read the installation manual thoroughly
• Always use the latest downloads of Bootstrap apps
• Click the Save button in the web client→ to validate that the auto configuration is correct
• Make sure there’s an impersonated user set in the config
• Lime Bootstrap must be 1.12 or newer and completely installed
• The impersonated user must have access to all tables that are configured (double check in Lisa)
• Unauthorized errors most probably means there's an authorization problem - eg the current uses can't access one of the configured tables

FAQ

Configuration / general

Can I use GPDR with other tables than person, eg company?

Yes, you can, Go to Lime Admin and copy the configuration for person, and change table and field names accordingly.

What lime-server version is required? Do I really have to upgrade?

12.41 or newer is required. Some stuff was added to the server to support GDPR.

An annoying certificate dialog is shown when logging in, and possibly on other occasions

A valid certificate, eg not self-signed, is required.

I’ve upgraded the Lime server but can’t log in to the admin section of the web client (a red error message pops up), hence I can’t configure GDPR

Could be because the database is missing the history and todo tables. The web client requires those. Solution is to add the two tables.

BUG (fixed in server 12.46): Creating Excel doesn't work from the Actionpad or the portal

1. The base table or one of the relations are longer than 31 characters

2. The base table or one of the relations contains the following illegal characters:

\ / * [ ] : ?

What desktop version do I need?

A fairly modern one. Login must be done with HTTPS or Hosting. DCOM is not supported anymore. Logging in with DCOM makes all urls use http, but only https is supported for the REST api.

What's the syntax of the config called (0.x)?

YAML. Since 1.0 the configuration is written in JSON.

What does disable_save do?

It's for testing, normally it should be set to false. If set to true, anonymization and other stuff are not actually saved to the database. It's good to have when testing anonymization in the portal.

How is the default config generated? Do I use names or labels?

1.x: It can be generated with a custom endpoint that uses a mix of property labels and names. See Configuration for more info.

0.x: The first time you go into the web client to configure the GDPR-portal, a default config is automatically generated using a config template. A config always uses the table and property names. However, the default config was generated searching for a mix of labels and names. It searches for tables with the label “person” and related tables with the labels “history, participant, document” and so on. Properties are also found by labels, eg “firstname” and “primaryemailaddress”. Since some labels don't exist, it also searches for named tables and properties such as the consent tables and the position property on the person table. This means that for a core setup, a quite good default config will be generated, but it's always up to the consultant to tweak it adding or removing tables and/or properties.

The default config is just an empty list []

There's no table with the Person label. The code needs the label as a starting point for generating the config.

Error codes

500 Server error

Error code 500 means that something probably went very wrong, eg a crash. Check the server log.

401 Unauthorized

Unauthorized is typically caused by the fact that the current user doesn't have access to all tables and properties that are in the configuration. Double check the permissions in LISA and make sure there's no record access on any of the tables in the GDPR and Consent configurations. Check the server log.

Web component

The web client reloads when trying to create a token

Due to a breaking change in the web client, checking for a token will cause the whole web client to reload. Solution is to upgrade to GDPR 3.8.5 or newer.

The web component is not visible in the web client

Most commonly caused by one of the following configuration errors:

• No user groups are set in the client_permissions in the GDPR configuration.
• The web component has not been added to the object card configuration in Lime admin.

Actionpads

Download personal information as an Excel file or a JSON file does not work

Make sure you are running the latest version of the package, also remember to replace the LBS apps.

The Actionpad actions are visible for the correct user groups, but an Unauthorized error is shown when clicking

From 3.8.0 the Client permissions must be set in Lime Admin (and mirror the ones set for the Actionpad). See Upgrading to 3.8.x for more information.

BUG (fixed in AP 0.4.0): The app name has exotic characters like å, Ä, ñ and the Actionpads don't work

It's due to a missing url encoding when calling some endpoints. Fix it by updating the Actionpad.

BUG (fixed in 12.46): All Bulk actions in the index Actionpad only works for Administrators, even though there are no policies on the table. The log file states something like 'Unauthorized: READ on “person” is not allowed for user “llabuser”!'

This is a bug that is fixed in the next server release. The bug is actually in the server code and not the Actionpad code.

The Actionpads look weird

Lime Bootstrap must be version 1.12 or later. Otherwise checking if the logged in user has the right to see the GDPR Actionpads is not possible. Also, one or more icons will be missing since Font Awesome was updated in 1.12

A spinner spins in the center of the Actionpad

Update Lime Bootstrap, and make sure that it really is completely upgraded.

BUG (fixed in AP 0.4.0): The consent app is just a blue window

1. No consent types exist. This is an alert in newer versions.

2. consent_tables in config is not configured (looks like consent_tables: []). In case you tried the portal before adding the tables, the autogenerated config didn't find the consent table. These are the default settings, they're ok to copy:

consent_tables:
  - approved: approved
    backreference: consent
    date: date
    defaultsource: coworker
    defaultsourcetoken: portal
    name: consent
    note: note
    relation: person
    source: source
    type: consenttype
    type_active: active
    type_default: default
    type_description: description
    type_readonly: readonly
    type_title: title

Nothing happens when trying to do things from the Actionpad

Check that the anonymizeddate and expireddate fields exist on the table, they’re currently not validated. Will be fixed in the next version.

The email link in the Actionpad only works with the person table, not with the company table

The email functionality is currently hardcoded for the person table. Open VBA, find the sub MailPortalLink in the GDPR module. Find the condition:

If Globals.VerifyInspector("person", oInspector, True) Then
...
End If

Copy it and edit it change person to company. Also change True to False. And of course, edit the content of the email. You will probably have to change things like:

oInspector.Record.Value("email")

to match the actual field names on the card.

The email link creates an email that states that "ERROR! String not found."

BUG (in LIP): The LIP package has failed to install (some) Localizations. There should be at least three GDPR records in the Localize table. You can manually import them from legacy/lip/resources/GDPR_localizations.csv using the Import tool in the Lime Desktop client.

I can't create a token/do something else from the Actionpads even though everything looks fine

The GDPR add-on and other REST-based stuff will not work if you try to read a property that doesn't have a localization for the current language. Eg - if you only work with Lime CRM in Swedish and have the other languages removed in LISA, don't log in to the Desktop client with English as your language setting.

Creating portal URL, Excel and JSON works, but setting the Anonymization date and anonymizing does not

Check the server log, if the error is something like below, there might be triggers on the table which are not supported by the Python API when creating/updating records.

sqlalchemy.exc.ProgrammingError: (pyodbc.ProgrammingError) ('42000', "[42000] [Microsoft][SQL Server Native Client 11.0][SQL Server]The target table 'person' of the DML statement cannot have any enabled triggers if the statement contains an OUTPUT clause without INTO clause.

Portal

The portal link works, and the portal opens, but Error 401 or 422 is displayed

Most probably because the impersonate user doesn't have access to one or more of the related or consent tables. Check in LISA, or temporarily delete the "-related tables" node in the configuration, reload and see if it helps.

I get a 500 server error

1. BUG, fixed in server 12.46 You have a set or html field in your config. 12.46 and newer supports more field types.

2. Check the logs in %programdata%\Lundalogik\LIME Pro Server\Web Server\logs

3. replacewith is longer than the amount of characters allowed on one of the fields. Set a separate replacewith value for the particular field that is within the allowed length.

BUG (fixed in server 12.46): Some text fields do not appear in the portal, but they're visible in an exported Excel sheet

Update the Lime server to get a newer GDPR add-on.

BUG (fixed in server 12.46): Options configured as readonly can be changed in the portal

They options were fortunately never saved by the back end, even though it looked like it. Update the Lime server to get a newer GDPR add-on.