Skip to main content
Announcements
Defect acknowledgement with Nprinting Engine May 2022 SR2, please READ HERE
cancel
Showing results for 
Search instead for 
Did you mean: 
jbreunis1
Contributor
Contributor

Nprinting: QS stream authorisation voor Nprinting designer users

Hello!

We have our QlikSense authorisation in place, and also have created Nprinters users (role: designer). And we now want our designers to ónly be able to connect in Nprinting to Apps in their OWN QlikSense streams --> have do i arrange that?

Labels (2)
2 Solutions

Accepted Solutions
Ruggero_Piccoli
Support
Support

Hi,

Give a check at https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/NPrinting-with-... and be sure you installed the Qlik Sense certificates.

Then a user can connect to Qlik Sense apps it is authorized as per: https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/GettingStarted/HowCreateConnections/...

Also nothe that Qlik NPrinting security is role based https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/Security-manage.... The default Designer role has access to all Qlik NPrinting apps and has all the Connections rights but you can create new custom roles with access only to some Qlik NPrinting apps or without some of the Connections privileges. For example you can avoid to give to a designer the rights to create new connections in the Qlik NPrinting apps it is authorized to access.

Best Regards,

Ruggero

 

 



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.

View solution in original post

Ruggero_Piccoli
Support
Support

Hi,

From a Qlik NPrinting point of view you cannot limit the connection a Designer (with rights to access to all Qlik NPrinting apps) can create by Qlik Sense stream. 

Based on what I understood your goal is that a Designer sees only data from Qlik Sense apps he is authorized. But if that Designer can create connections it can create a connection also to a Qlik Sense app he is not authorized by inserting the domain user of another person that is authorized. After the connection cache is generated the fraudulent Designer can create templates to export those data. 

You have to create a custom role, call is CONN, only for trusted users that can create connections maybe in all Qlik NPrinting apps. Then create different Qlik NPrinting apps, one for each segregated group of authorized Designers. The trusted users with CONN role will create connections for all Qlik NPrinting apps.

Then you create a custom role for each group of designers and all those roles must not have the rights to create connections at all and each role with access to a limited set of Qlik NPrinting apps, maybe only one. Assign the correct role to the designers so they will be able to develop reports only from the connections in the app they have access.

I hope I was clear.

Best Regards,

Ruggero



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.

View solution in original post

4 Replies
Ruggero_Piccoli
Support
Support

Hi,

Give a check at https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/NPrinting-with-... and be sure you installed the Qlik Sense certificates.

Then a user can connect to Qlik Sense apps it is authorized as per: https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/GettingStarted/HowCreateConnections/...

Also nothe that Qlik NPrinting security is role based https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/Security-manage.... The default Designer role has access to all Qlik NPrinting apps and has all the Connections rights but you can create new custom roles with access only to some Qlik NPrinting apps or without some of the Connections privileges. For example you can avoid to give to a designer the rights to create new connections in the Qlik NPrinting apps it is authorized to access.

Best Regards,

Ruggero

 

 



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.
jbreunis1
Contributor
Contributor
Author

Txs Ruggero!

About the last part: those actions are indeed possible. But here at our company not an option, because our designers (roles) are supposed to make apps, connections and reports themselves (SelfService).

Hopefully with this perspective there still are options to limit access to QS apps (specific streams we want them to access), while the developers can still act on SelfService basis?

Ruggero_Piccoli
Support
Support

Hi,

From a Qlik NPrinting point of view you cannot limit the connection a Designer (with rights to access to all Qlik NPrinting apps) can create by Qlik Sense stream. 

Based on what I understood your goal is that a Designer sees only data from Qlik Sense apps he is authorized. But if that Designer can create connections it can create a connection also to a Qlik Sense app he is not authorized by inserting the domain user of another person that is authorized. After the connection cache is generated the fraudulent Designer can create templates to export those data. 

You have to create a custom role, call is CONN, only for trusted users that can create connections maybe in all Qlik NPrinting apps. Then create different Qlik NPrinting apps, one for each segregated group of authorized Designers. The trusted users with CONN role will create connections for all Qlik NPrinting apps.

Then you create a custom role for each group of designers and all those roles must not have the rights to create connections at all and each role with access to a limited set of Qlik NPrinting apps, maybe only one. Assign the correct role to the designers so they will be able to develop reports only from the connections in the app they have access.

I hope I was clear.

Best Regards,

Ruggero



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.
jbreunis1
Contributor
Contributor
Author

Txs Ruggero, clear!

We will follow this path! 🙂