topic Re: Secure call to root container LCGV or DCGV in Archived Groups

Secure call to root container LCGV or DCGV

ali_hijazi — Tue, 22 Jul 2025 17:59:49 GMT

Hello

I need help figuring out how to accomplish the following:

We have 2 root containers: RC1 and RC2

Is there a way to prevent developers from other than team1 to make DCGV calls to RC1? Or LCGV in case the container we want secure is in the same root container

Re: Secure call to root container LCGV or DCGV

thomasmaure — Tue, 10 Jun 2025 08:10:10 GMT

Hello,

QDF has no security features and relies on NAS access right as well as Qlik data connection access.

When calling DCGV , you pass the path to the root container via a folder data connection
call DCGV('lib://QDF_ROOT_1/10.RC1','', 'RC1');

The DCGV statement works only if developers have the right to use the QDF_ROOT_1 folder data connection and read access to the folder.

However, I think this is valid only is reload is performed by developer. As soon as app reload is scheduled, the reload is executed by the scheduler service which in most cases has full visibility on all NAS and data connections...
So to make the restriction really effective you need to forbid developers to create tasks and let this activity to trustable persons that would verify the script does not violate your security rules.
Hope this helps .

Re: Secure call to root container LCGV or DCGV

ali_hijazi — Tue, 10 Jun 2025 08:24:38 GMT

Hello
thank you for your prompt replies
well yes for reloads performed by developers it's good to forbig them from connecting to a root container

Re: Secure call to root container LCGV or DCGV

thomasmaure — Tue, 10 Jun 2025 09:01:56 GMT

What I tried to explain is that QDF is just a framework to support the use of containers which are units enabling to structure consistently script code, configuration files and data files in a single place.

It helps for many aspects such as team development, code sharing between apps, versioning or app migration between instances but it does not deals with security and for these aspects you are left with what Qlik proposes.