Re: Qlikview AD or DMS authorisation? - Page 2 - Qlik Community

Anonymous · ‎2011-05-24

At this moment we are using the AD for the authorisation in Qlikview.

We only have one problem at this moment ... we cannot change the AD authorisation ourselves, another departement (ICT) is responsible for AD changes company wide (so also for our Qlikview AD). So if we have changes (new user/document etc) this means we have to ask ICT to make these changes in AD. The problem here is that we often have changes and ICT says its a really big amount of work to change the AD.

I saw that there is also the possibility to use DMS authorisation in which the Qlikview itself manages the file system of Qlikview ...

Does anyone have experience with DMS authorisation? Is this easy to use and not a lot of work?

I also have the question if Qlikview is better of using AD or DMS authorisation?

rgrds,

Anita

danielrozental · ‎2011-05-24

You add users or groups like the image shows, DOMAIN\USER.

If you have QV10 you can track autorizations made in the "USERS" tab where you can search users and check what authorizations they have.

Anonymous · ‎2011-05-24

That's clear ... but I'm afraid we lose control of which person is authorised to see what qlikview applications ...

When using AD and DMS both I think it's pretty easy to lose control in this way ...

danielrozental · ‎2011-05-24

As I said in my previous post, with QV10 "USERS" tab you can see what documents a user has authorization to.

If you're still with QV9 or don't feel that's enough for you then you should probably leave it as it is, with NTFS security.

Anonymous · ‎2011-05-24

We're still with QV9 ... end of the year we plan to go over to QV10 ...

Good to know QV10 has a tab "USERS" which contains some sort of overview!!

thx

Troy1 · ‎2015-06-09

Hi Anita

What did you decide to do, did you move to DMS?

We are facing the same issue with AD, where creating & modifying groups resides in different department and takes lot longer.

Another issue I see with DMS is that when you change the version of dashboard, you will have to reassign all the users, in our case 400 users. is there a work around?

petter · ‎2015-06-09

It is important that one keep the two terms apart:

- Authentication

Who am I / Who is the user - identification - just a valid identification - this is what AD does

- Authorization

What can be accessed / What can the user access - for authorization to be enforced it has to know

the identity of the user that must be passed on by the identity provider - which could be AD.

NTFS with the help of AD and DMS with the help of AD and or other directories provides this.

It is advised that you read the technical papers and white papers that are available from Qlik to fully understand the concepts before you implement changes.

petter · ‎2015-06-09

Authentication and Authorization

Anonymous · ‎2015-06-11

We kept using AD authorisation and authentication.

With QV11 we started using a seperate development and production server. We deploy the QVW's to the production server, and with that step we do the AD authorisation ... we specify which users the QVW should be deployed for.

We can do this ourselvers with the QV management console.

Troy1 · ‎2015-06-11

Can you provide more details. Are you using local groups to resolve authorization.

Anonymous · ‎2015-06-15

We don't use AD-groups but authorize on AD-user.

We deploy the QlikView to our Production environment, and with this step we authorize the AD-user.

In the QEMC, Documents->Source Documents, select the QVW task.

On the tab 'Distribute' use the 'Distribute to Folder' (fill in the correct path).

The 'User Type' should be 'Named Users' ... select the user icon to add / remove users from the distribution list.

This distribution list authorizes the users/groups you select to use the distributed QVW.