Security implementation on application distributed... - Qlik Community

Report Inappropriate Content · ‎2011-06-30

Dear all,

I am trying to reduce and distribute a qlikview application using publisher and the distribution works fine.I have implemented security based on NTName and Password using section access on the application and im using DMS mode of authentication on the server.

The problem is when the user tries to access the distributed application through access point they are being asked for user id and password, but i am using section access to implement security on the application.

Along with the distributed applications there are 2 other applications which are not reduced/distributed and the users are able to access them without having to enter user id and password.My doubt is why is that only for distributed applications users are prompted for id and password ? Section access does not apply on distributed applications ? Kindly help me resolve this issue.

Thanks in advance!

Punar

bnichol · ‎2011-06-30

How do you have security configured for the 3 applications? I presume the 2 that users aren't prompted for authentication are set with anonymous.

In AccessPoint, who is identified as "Logged in as:"? If you are using DMS, the user is probably identified as anonymous.

What server, version, and client are you using?

B

Miguel_Angel_Baeyens · ‎2011-06-30

Hello Punar,

NTNAME and PASSWORD fields are incompatible in the same record of section access. NTNAME takes the credentials either when the user types them in the dialog or when they are passed directly (because of server configuration, for example) to the Server.

Try removing the PASSWORD field and see if that behaves as expected.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Report Inappropriate Content · ‎2011-06-30

Hi bnichol,

Yes you are right, the two applications that does not prompt for user id and password are with anonymous.

In the access point the users are identified as themselves only, not anonymous.

We are using QlikView Server 10.2 with IE plugin.The other difference between the application is this one is distributed.

Thanks

Punar

Report Inappropriate Content · ‎2011-06-30

Hi bnichol and Miguel,

I forgot to mention one thing, there are 2 admin users.When they try accessing the distributed applications they are not prompted for user id and password , does the role have any significance on this ?

Punar

Miguel_Angel_Baeyens · ‎2011-06-30

Hello Punar,

That shouldn't affect, in any way other than that they have their browsers set up to pass their credentials without being prompted. Apart from that, section access applies for all, although they are allowed to see all records with no reduction.

Anyway it all depends on how you have your section access, if you are using some "*" as value for their PASSWORD field or something.

Regards.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Report Inappropriate Content · ‎2011-06-30

Hi Miguel,

Oh yes i am using * for the password and userid fields, will that be a problem ? But i still dont understand why this happens only on distributed applications ? Will section access be considered after distribution ?

Thanks

Punar

Miguel_Angel_Baeyens · ‎2011-06-30

Hello Punar,

In version 10, Section Access is taken into account by the Publisher and the distribution tasks. Depending on what you want to get, though, it might make no sense. Say that you want to distribute by employee. The distribution tasks is already reducing data, so a section access here is useless, since the user already gets the document with only the data he or she can see.

Using the "*" is not a problem if you use it carefully (otherwise you can grant access to more users than intended).

Anyway, a sample of your section access script would help us to understand better your issues.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Security implementation on application distributed using publisher