Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Authentication and Authorization are two important concepts in securing any application. Let’s start with some simple definitions. Authentication makes sure that the person accessing the system is the person he says he is. Authorization only lets you access information and complete actions that you are allowed to, based on your identity.
In QlikView, these are two distinct activities performed independent of each other. This often creates some confusion and configuration errors, so let me explain how it works. When a user gets access to QlikView it is always done in these four steps:
One of the most common misunderstandings around this is what services are part of what step in the process.
The first two steps covering authentication are handled by the web layer (i.e. QVWS or IIS). The third step is achieved by the web layer transferring the identity to the QlikView Server using the QVP protocol. The fourth step is authorization and is handled by the QlikView Server using groups resolved by the Directory Service Connector.
There are some big benefits to this approach:
The role of the Directory Service Connector in the flow is somewhat blurred by the fact that almost all QlikView components use it. The web layer, QlikView Server, QlikView Management Service, and the QlikView Publisher all use the Directory Service Connector for different things.
Most QlikView components use the Directory Service Connector for authorization or to get information about users except if custom users are used. If you use custom users, these get authenticated towards the Directory Service Connector, which in this special case stores identity and passwords for the users.
Remember, as a rule of thumb: the front end components handle authentication and the backend components handle authorization. I hope this help gives you a clearer picture of how QlikView handles authentication and authorization and which components are used in which part of the flow.
Have further questions you’d like me to answer? Leave me a comment!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.