Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi All,
Lets say we have a Multi Node Qlik Sense Production environment with Development Node and consider some Business admins are provided access in Development Node to extract data and create their own QVD's and QS apps for their analysis, how Qlik ensures (or how security is being applied) that files created by a Business Admins is not available for others?
Thanks,
Karthick V.
Trying to understand your question and some clarification is needed:
1. Will these Business Admins have access to the DEV server itself (via VPN, for example)?
2. Or they just have an access to DEV Hub?
3. If the latter, you can create a separate folder connectors and force different BA to use one(s) accessible to them (you can do it via Connector's Security rules)....
If they can access the system directly, you need to implement some folders' access rules on Windows level...
Regards,
Vlad
P.S. When applicable, please mark this answer Correct or Helpful.
Trying to understand your question and some clarification is needed:
1. Will these Business Admins have access to the DEV server itself (via VPN, for example)?
2. Or they just have an access to DEV Hub?
3. If the latter, you can create a separate folder connectors and force different BA to use one(s) accessible to them (you can do it via Connector's Security rules)....
If they can access the system directly, you need to implement some folders' access rules on Windows level...
Regards,
Vlad
P.S. When applicable, please mark this answer Correct or Helpful.
Hi Vladimir,
Many thanks for your response. . It makes sense and helps.
I am having the below 2 questions now,
1) Where should this security enabled ? With the Shared persistence in place where will the files(QVDs and QVFs) stored physically (Development Node or Central Node)?
2) With the help of QMC will the BA's be able to distribute the file for other users to access (Only the files they have created) ?
PS: With the clarification to the above 2 queries, I will be completely clear and I can mark your answer as complete\correct.
Thanks a bunch in advance,
Karthick V.
Hi Karthick,
Looks like you are trying to "link" DEV and PROD system into one unit... I would strongly advise against that.
These systems should be completely separate and NO ONE (except the PROD ADMIN) should be migrating apps, QVDs, etc between these systems, IMHO.
In your case, you should just use a DEV system and your BA should develop scripts/apps on it. Once the development is completed, you or your PROD Admin should publish the app to PROD and should apply the Security Rules for other people to access the app or QVD files generated by it.
Do you really need these QVDs to be "distributed"? Can you (or your BA's) just develop a script on DEV and execute it on PROD, so these QVD files could be generated via Scheduled Tasks?
You cannot use QMC to migrate QVD files, so this should be done manually, which creates an opportunity for error, especially if several different people will be doing that.
The process I am suggesting might not be the best one in terms of speed and productivity, but it for sure more advanced and reliable in terms of keeping your PROD environment stable.
I hope my suggestions will help you.
Regards,
Vlad
Vladimir, you might strongly advise against a single DEV and PROD environment, but this is exactly how Qlik Sense Self-service is designed to be used - QlikView architectural best practises do not necessarily apply to Qlik Sense.
You can re-purpose each node as a Development or Production node and apply different security rules to each, including using separate local repositories of QVDs. The big benefit of having everything under one hood is, next to the seamless integration and deployment process, also the fact that you can share the licenses between production and development, making it a more cost-effective approach.
I appreciate the classic DEV - UAT - PROD deployment process is the safest and most proven in the world of software development, but I think with Self-service it's time we need re-invent ourselves.
Hi Vlad,
I am really sorry for the confusion. Allow me to make it little clear.
It is a Multi Node Qlik Sense PRODUCTION environment allowing Development.
NO, we are not planning to link the Dev and Prod system. We only have a machine (Development node) in Production environment that will help the BA's to develop or create their files on top of the Production data.
Also BA's would want to only make the QVF files made available for other users to access.
Kindly refer to the below link for more info.
Many thanks for your quick responses, kindly help me with the 2 open queries.
Thanks,
Karthick V.
Martin,
You definitely have a point and QS is much more "flexible" and could be structured differently in different environments, but I've noticed Karthick's statement about "the Shared persistence in place", so I've assumed a "Classical" approach.
My suggestions are coming from personal experience and despite the fact that modern approaches seems to be more "cost-effective", they all are based on the same "old" platform and are relying on people who sure capable and intend to make mistakes... In this case, the "cost-effectiveness" will cost you way much money....
Yes, in some normal, small-mid-size businesses it will work, especially if it's managed by experienced people, but I've seen some cases when it failed miserably in intense and high-demand environments... Just my 2 cents....
VK
Karthick,
I am not big fan of Shared Persistence (yet, it has a good potential, but current it's implementation is buggy and lacks few things critical for my environment)...
From what I've read so far about SP, you cannot setup individual "node" much different from Central node since they will be sharing the same repository.... Which means that you have to do all the required above on a Central Node and I am not 100% sure that you can dedicate only one of your nodes for "Development" in this case...
And did I mentioned, that it scares me to give publishing etc rights to multiple people in PROD??
Please check the attached document. I've got it from Qlik during initial SP release (QS 3.1 SR2)... I do not think that the updated version (for QS 3.2 SR 3) exists.... ()
SP is changing rapidly and should be much stable and flexible in 4.0 release ()
Regards,
Vlad
Many thanks for your response Vlad ! It helps a lot.
Sorry that I posted one more question. Its the final and only open question. Kindly please help.
Will we be able to restrict users to be able to use 'Connections' and not let them create NEW connections (when developing from the HUB) ? As you understand the scenario, we don't want BA users to create their own connection and should use only this connection.
Request you to share a QMC snapshot on how it has to be enabled\handled.
Thanks,
Karthick V.
Karthick,
You are welcome!
About your last question: I've just posted the suggestion with few screenshots in the other post you've submitted.
Hope it will help.
Regards,
Vlad