Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-02-15 12:50 PM

'QlikView Administrators' server local group audit or workings

Hey everyone,

I spent some time searching on the forum, but couldn't get to an answer on what I'm looking for.

Basically, we're being asked by auditors how does QlikView knows that the administration is only supposed to be done by those in the 'QlikView Administrators' group on the local server user & group area of the management console. I went over the QlikView Reference Manual and couldn't find any mention of this there either...

We have already answered questions about the AD config and the way applications access is done, but we couldn't show them (auditors) any evidence of the above question.

Has any of you heard or know how this works or can be proven?

Here's a reference to a post with a related question, but this one is only on the surface and about the difference between the group in question here and local server admins: QlikView Admins vs Local Admins

Thanks in advanced!

Alex

1,789 Views
0 Likes
1 Solution

Accepted Solutions
tresesco
MVP
MVP
‎2016-02-16 02:38 AM

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

View solution in original post

1,084 Views
5 Replies
gregortvw
Contributor III
Contributor III
‎2016-02-16 02:25 AM

Hello Alex,

you can also try this post, it's also related to your question. Group Names in User Management?

Another question is about security audit.

If you have QV-Admin rights for the server, worst case, you can obtain access to all apps in the qmc, exepting those one with section access.

Regards

1,084 Views
0 Likes
Anonymous
Not applicable
‎2016-02-16 02:30 AM
Author

may get some evidence from Qliktech Support?

1,084 Views
tresesco
MVP
MVP
‎2016-02-16 02:38 AM

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

1,085 Views
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2016-02-16 06:50 AM

Well, this is basic Windows Access Control. The QMC is a proprietary web site that restricts access to its pages to members of the local QlikView Administrators group only (or in a limited fashion to Document Administrators). Is your Windows account not a member of this group, then you won't get in. Every Windows AD account that is a member of this group will be able to open the QMC and do whatever they feel like.

The QlikView Management Service (that is managing the web site and displaying the pages) doesn't do this by relying on NTFS file permissions, but instead contains code that actively monitors & manages authorizations and restricts access to whatever accounts are either member of this QlikView Administrators group (full QMC access), or have been assigned the role of Document administrators (limited QMC access. See QMC->System->Setup->Distribution Serices->Your QDS->General->Source Folders)

Peter

1,084 Views
Not applicable
‎2016-02-18 03:43 PM
Author

In response to tresesco

Thank you tresesco! this should be perfect.

1,084 Views
0 Likes