https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627032#M1301010 <HTML><HEAD></HEAD><BODY><P>I would say it´s a matter of planning and administrate..</P><P>As suggested, if someone has access to Administrator account, and put script varibles in load statements, that is not suppose to be done, for security reasons, then I would say that you have to see over your planning for folder security.</P><P></P><P>But you could run a batch/vbs script, execute it with a Sales vs Campaign user calling Qv.exe instead of running it with QlikView Distribution Service</P></BODY></HTML> Mon, 12 May 2014 08:15:42 GMT 2014-05-12T08:15:42Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627024#M1300988 <HTML><HEAD></HEAD><BODY><P>Is it possible to run QV Publisher tasks under different users.&nbsp; The reason i am asking this is the following :</P><P></P><P>For instance we have 2 domains : Marketing and Sales.&nbsp; Users from Sales are<BR />not allowed to access certain Marketing info.&nbsp; But as a consequence of the<BR />fact that all the Publisher tasks run with the same user, there is no<BR />possibility to do this.&nbsp; Actually, if the sales people know the name and<BR />location of the Marketing data, they can use this path in their script and<BR />schedule it in the publisher.&nbsp; The publisher runs this task with the<BR />global machine user, which runs also tasks for finance, and has access to as<BR />well the Sales as the marketing data.&nbsp; </P><P>&nbsp; </P><P>This seems to be a security leak to me, because in this way users can see data, they are not allowed to!</P><P>&nbsp; Is there any solution for this or am i working in a wrong way?</P><P></P><P>Regards</P><P>Sven</P></BODY></HTML> Mon, 26 Jan 2026 18:19:17 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627024#M1300988 2026-01-26T18:19:17Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627025#M1300991 <HTML><HEAD></HEAD><BODY><P>Why should the users other than the QlikView Administrators have access to the QMC to reschedule Publisher tasks?</P></BODY></HTML> Thu, 08 May 2014 13:35:25 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627025#M1300991 simondachstr 2014-05-08T13:35:25Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627026#M1300995 <HTML><HEAD></HEAD><BODY><P>Hi Martin</P><P></P><P>Even if it is the Qlmikview admin, also then it doesn't seem normal to me that a task scheduled for Sales can access any Marketing data, even if Sales has no rights to this data</P><P></P><P>Thanks for your quick reply</P></BODY></HTML> Thu, 08 May 2014 13:39:46 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627026#M1300995 2014-05-08T13:39:46Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627027#M1301000 <HTML><HEAD></HEAD><BODY><P>A task does not have access to data - a QlikView Application has. The task simply reloads and if necessary distributes/publishes the qvw file.</P><P></P><P>Are you aware of the Section Access feature with the "Initial data reduction based on section access" option? I believe this should cover your concerns.. Attached you can find a useful introduction section access.</P></BODY></HTML> Thu, 08 May 2014 13:49:32 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627027#M1301000 simondachstr 2014-05-08T13:49:32Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627028#M1301004 <HTML><HEAD></HEAD><BODY><P>Ok the task simply reloads, but imagine that we have 3 users :</P><P>AdminU (=the Qlikview Admin user who runs the tasks)</P><P>SalesU (=A user from sales)</P><P>MarkU (= User from Marketing)</P><P></P><P>AdminU as QV admin has rigths to ProductsSold.qvd AND Campaigns.qvd</P><P>SalesU only to ProductsSold.qvd</P><P>MarkU only to Campaigns.qvd</P><P></P><P>Then, considering the script below ... if we run this script with user AdminU, then we are able to access Campaigns.qvd, even if this application was built by SalesU :</P><P></P><P></P><P><SPAN style="font-size: 8pt;">Sales:</SPAN></P><P><STRONG style=": ; color: #0000ff; font-size: 8pt;">LOAD</STRONG><SPAN style="font-size: 8pt;">&nbsp;&nbsp; * <BR /></SPAN><SPAN style="font-size: 8pt;"> </SPAN><SPAN style="color: #0000ff; font-size: 8pt;">FROM</SPAN><SPAN style="font-size: 8pt;"> <C> (</C></SPAN><SPAN style="color: #0000ff; font-size: 8pt;">qvd</SPAN><SPAN style="font-size: 8pt;">); </SPAN></P><P></P><P><SPAN style="font-size: 8pt;">Marketing:</SPAN></P><P><STRONG style=": ; color: #0000ff; font-size: 8pt;">LOAD</STRONG><SPAN style="font-size: 8pt;">&nbsp;&nbsp; * <BR /></SPAN><SPAN style="font-size: 8pt;"> </SPAN><SPAN style="color: #0000ff; font-size: 8pt;">FROM</SPAN><SPAN style="font-size: 8pt;"> <C> (</C></SPAN><SPAN style="color: #0000ff; font-size: 8pt;">qvd</SPAN><SPAN style="font-size: 8pt;">); </SPAN></P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 08 May 2014 14:05:06 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627028#M1301004 2014-05-08T14:05:06Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627029#M1301006 <HTML><HEAD></HEAD><BODY><P>The following sentence confuses me:</P><P>On the one hand you are saying "AdminU as QV admin has rigths to ProductsSold.qvd AND Campaigns.qvd" and on the other hand it suprises you "if we run this script with user AdminU, then we are able to access Campaigns.qvd, even if this application was built by SalesU".</P><P></P><P>Have you considered working with Folder security instead?</P></BODY></HTML> Thu, 08 May 2014 15:06:27 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627029#M1301006 simondachstr 2014-05-08T15:06:27Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627030#M1301008 <HTML><HEAD></HEAD><BODY><P>Martin</P><P></P><P>If we use AdminU as QDS-account (QDS : Qlikview Distribution Service), then we MUST give AdminU access to both QVDs because he runs tasks as wel for Sales as for Marketing.</P><P></P><P>And that's the whole problem.&nbsp; SalesU can put this in his script :</P><P><SPAN style="font-size: 8pt;">Marketing:</SPAN></P><P><STRONG style="color: #0000ff; font-size: 8pt;">LOAD</STRONG><SPAN style="font-size: 8pt;">&nbsp;&nbsp; * <BR /></SPAN><SPAN style="font-size: 8pt;"> </SPAN><SPAN style="color: #0000ff; font-size: 8pt;">FROM</SPAN><SPAN style="font-size: 8pt;"> <C> (</C></SPAN><SPAN style="color: #0000ff; font-size: 8pt;">qvd</SPAN><SPAN style="font-size: 8pt;">);</SPAN></P><P></P><P></P><P><SPAN style="font-size: 8pt;">And although he does not have access to this data, he will be able to retrieve the data because the job in the publisher is executed by the AdminU account.&nbsp; That's my question, can we run scheduled tasks at night on a server (via the publisher) with the rigths of the user who created this task instead of that 1 user who executes all the tasks</SPAN></P></BODY></HTML> Thu, 08 May 2014 15:16:57 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627030#M1301008 2014-05-08T15:16:57Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627031#M1301009 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P>You can use NTFS security, so even if&nbsp; for example a Marketing user tries to reload info taken from a Sales QVD, he won't be able to do it. Also you may want to give it a check to <A href="https://community.qlik.com/group/1224">QlikView Deployment Framework</A> which is a group where you can find documentation of how to deploy QlikView in an enterprise environment,</P><P></P><P>regards</P></BODY></HTML> Thu, 08 May 2014 16:03:16 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627031#M1301009 jaimeaguilar 2014-05-08T16:03:16Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627032#M1301010 <HTML><HEAD></HEAD><BODY><P>I would say it´s a matter of planning and administrate..</P><P>As suggested, if someone has access to Administrator account, and put script varibles in load statements, that is not suppose to be done, for security reasons, then I would say that you have to see over your planning for folder security.</P><P></P><P>But you could run a batch/vbs script, execute it with a Sales vs Campaign user calling Qv.exe instead of running it with QlikView Distribution Service</P></BODY></HTML> Mon, 12 May 2014 08:15:42 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627032#M1301010 2014-05-12T08:15:42Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627033#M1301011 <HTML><HEAD></HEAD><BODY><P>Hi Sven,</P><P></P><P>Take a look at the attached. I am sure this will help you on what you want to do.</P><P></P><P>Bill</P></BODY></HTML> Mon, 12 May 2014 11:56:16 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627033#M1301011 Bill_Britt 2014-05-12T11:56:16Z https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627034#M1301012 <HTML><HEAD></HEAD><BODY><P>Hi Sven - I follow what you are saying.&nbsp; How did you end up handling the situation you described?</P><P></P><P>Kyle</P></BODY></HTML> Wed, 04 Feb 2015 19:59:36 GMT https://community.qlik.com/t5/QlikView/security-issue-in-the-QV-PUBLISHER/m-p/627034#M1301012 Anonymous 2015-02-04T19:59:36Z