thkarner
Partner - Creator III

How to create a secure local copy of an app?

Hi,

I want to achieve the following:

  • An app is developed centrally.
  • The central app includes data for all countries. Data access is protected with specific section access.
  • Key users in the local countries should be able to make a copy of this app including all visualizations and master items.
  • Key users should be able to enrich the data model with local data
  • Key users cannot access central, unauthorized data
  • Key users should be able to create and execute tasks in QMC

Unfortunately I couldn't find a waterproof concept to provide this.

In my investigations I found the following issues:

  • Key users can only copy apps within the QMC section "Apps", because they are not the owner of the app
  • Besides visualizations and master items, the copy also contains the data and the load script

With this I see the following security risks:

a) The key user can create a task to load data for the copied app. The scheduled task runs in the context of the user sa_scheduler, which has access to all LIBs. Loading the data will be possible.

b) In case the load script is stored in an external include file, the key user could download the log of the executed task and reconstruct the complete script.

c) The key user could also use the existing script code of the copied app and add further lines to override the section access of the original app and get access to all data.

Has anyone already implemented a secure and waterproof concept to achieve the requirements above?

Regards,

Thomas

8 Replies
simotrab
Creator III

Hi Thomas,

mine probably is not the answer, but I'd like to have a conversation that maybe could be helpful to you and me, to improve our skills. I've found your issues very interesting, and I'd like to see if my way of managing some of these problems could be "waterproof", or maybe improved.

Generally I create two apps:

- app one, that fetches the data and creates only .qvd files;

- app two, that reads only the .qvd files (created by app one) I want to be read, and it has all the visualizations.

The first app is put in a stream that is seen only by me.

The second app reads all the data and the section access with load statements like

load*from ... .qvd;

so it is totally blank for the user.

What do you think?
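
The two-app layout described in the post above, written out as a Qlik load script. This is an added example, not part of the original post; the connection name `lib://CentralQVD`, the `EXAMPLE\` user names, the field names and the sample rows are assumptions. The data reduction is defined only by the `Section Access` statements in app two's script.

```qlik
// Added example. All names (lib://CentralQVD, EXAMPLE\..., field names) are assumptions.

// ---- App one: extract layer, kept in a stream only the developer can see ----
// Constructed sample rows standing in for the real source query.
Sales:
LOAD * INLINE [
Country, OrderID, Amount
AT, 1001, 250
DE, 1002, 400
];
STORE Sales INTO [lib://CentralQVD/Sales.qvd] (qvd);
DROP TABLE Sales;

// Authorization table. INTERNAL\SA_SCHEDULER is listed so that scheduled
// reloads can open the app. '*' means every COUNTRY value listed in this
// table, not every value that exists in the data.
AccessTable:
LOAD * INLINE [
ACCESS, USERID, COUNTRY
ADMIN, INTERNAL\SA_SCHEDULER, *
USER, EXAMPLE\KEYUSER_AT, AT
USER, EXAMPLE\KEYUSER_DE, DE
];
STORE AccessTable INTO [lib://CentralQVD/SectionAccess.qvd] (qvd);
DROP TABLE AccessTable;

// ---- App two: presentation layer, published to the users ----
// The reduction field name and its values must be upper case and must
// also exist in the data model (COUNTRY below).
Section Access;
LOAD ACCESS, USERID, COUNTRY
FROM [lib://CentralQVD/SectionAccess.qvd] (qvd);
Section Application;

Sales:
LOAD Upper(Country) AS COUNTRY, OrderID, Amount
FROM [lib://CentralQVD/Sales.qvd] (qvd);
```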

thkarner
Partner - Creator III
Author

Hi Simone,

with your approach you potentially have all the security issues mentioned in my original post.

The second app contains some script code for

a) loading data from QVD files from a certain lib

b) applying section access

If the script statements are visible to the key user in the load script, he can add further code to override or deactivate section access and get access to all data.

In the case that you are the only person who has access to the LIB, this is not secure enough if the user can create and execute a reload task in the QMC (which is a requirement in my case).

If the user performs the reload by a task in the QMC, the script code is executed as the user INTERNAL\sa_Scheduler, who has access to all LIBs. This would therefore open access to unauthorized data.

BR T

simotrab
Creator III

The problem is if the app is duplicated, so they can have access to the script?

Because if so, only the owner could duplicate it

Security Rule - Duplicate Apps in QlikSense Hub

If you are the only owner, no one else could copy it, go to the load script and so on.

So if you publish it and no one could copy it, no one could read the load section.

thkarner
Partner - Creator III
Author

I'm not sure if we have the same situation/requirements.

In my case local key users need to have access to the script editor.

They also need to have access to certain apps in the QMC to make a copy, because the owner of the central app is someone else.

Further, they need access to the task section in the QMC to schedule reload tasks.

With these preconditions I can't find a secure way to protect data.

BR T

rittermd
Master

I am not sure if either of these will help you.

1.  You could put your script into a file and then use an Include statement in your app.  I don't believe that the code will be displayed.

2.  Put your code in a 2nd app.  Then do a binary load into your app.  The code will not be displayed in your app.

thkarner
Partner - Creator III
Author

Hi Mark,

thanks for your answer. As already written in the initial post regarding 1):

b) In case the load script is stored in an external include file, the key user could download the log of the executed task and reconstruct the complete script

Regarding 2): Binary Load is not supported as far as I know. Further, a binary load wouldn't apply section access, I think.

Any other solutions?

BR T

rittermd
Master

Binary Load is supported in Qlik Sense.  At least if you have a fairly current version installed.

thkarner
Partner - Creator III
Author

You're right. Binary Load is allowed. But in that case the app folder must be accessible as a LIB, which would give access to all other apps (which have no section access).

Creating a job to copy the app to somewhere else is also not an option.

Finally, the binary load loads only data including section access. Visualizations, sheets and other stuff are not loaded.

http://help.qlik.com/en-US/sense/June2017/Subsystems/Hub/Content/Scripting/ScriptRegularStatements/B...

Therefore I can drop out this option.

Maybe another idea to fulfill requirements of initial post?