Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
abm_trevor
Partner - Contributor II
Partner - Contributor II
‎2016-05-31 04:57 AM

DMS security using NT users and local security groups

For various reasons around client AD security rules I am trying to implement a document access regime using the following:

  • DMS security
  • Local security groups on the QlikView server
  • Domain (NTFS) users only within the local security groups

From a physical standpoint this works fine - the right users are getting access to the right documents via the local security groups.  The issue I have is that when I look at a User in the QMC it does not reflect any of the local groups that they belong to or any of the documents they can access via the local groups.  This makes it very cumbersome to establish who has access to what.

Is there a setting or something in QlikView that will allow me to display this information correctly?  It will work perfectly if I use Domain security groups, but there are some logistical internal reasons that this will become very inefficient.

Thanks

Trevor

1,662 Views
0 Likes
15 Replies
marcus_sommer
MVP
MVP
‎2016-06-01 05:31 AM

For me it's not quite clear what do you mean with local security groups and if you used the NT- or the DMS-mode for the authentication?

- Marcus

906 Views
0 Likes
abm_trevor
Partner - Contributor II
Partner - Contributor II
‎2016-06-01 05:38 AM
Author

In response to marcus_sommer

Hi Marcus

As per above, I am using DMS authentication.  I have created local security groups (not Domain security groups) on the QlikView server, and added domain users to those local security groups.

Hope that clarifies it.

Thanks

Trevor

906 Views
0 Likes
awhitfield
Partner - Champion
Partner - Champion
‎2016-06-01 06:10 AM

Hi Trevor,

can you upload a couple of screen shots from QMC, to better illustrate the issue?

Andy

906 Views
0 Likes
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2016-06-01 08:09 AM

Did you create a DSC for the "Local Directory"? QMC doesn't know anything if it cannot connect by itself to the various directory services.

906 Views
0 Likes
syukyo_zhu
Creator III
Creator III
‎2016-06-01 08:26 AM

In response to abm_trevor

Hi,

why didn't you try to create account directly in your serveur and use NTFS authorization? it will work better than create local accounts in QMC.

906 Views
0 Likes
abm_trevor
Partner - Contributor II
Partner - Contributor II
‎2016-06-01 08:26 AM
Author

In response to awhitfield

Hi Andrew

Unfortunately it's a client's server, so I have to be discreet about what I publish.  Essentially the QMC recognises the local security groups, allows me to authorise them for a document, and allows access to the users in those local groups.  What it doesn't do is reflect that access in the Users section.  I have access to 20 documents but the QMC says I have none.

Hope that makes sense.

906 Views
0 Likes
abm_trevor
Partner - Contributor II
Partner - Contributor II
‎2016-06-01 08:27 AM
Author

In response to Peter_Cammaert

Hi Peter

Yes, and the QMC recognises the local security groups.  It just doesn't reflect the document access granted via those groups.

Thanks

Trevor

906 Views
0 Likes
abm_trevor
Partner - Contributor II
Partner - Contributor II
‎2016-06-01 08:38 AM
Author

In response to syukyo_zhu

Hi

I am not creating users in the server, I am assigning domain (NT) users to local server security groups.

In this instance DMS authorisation works better for me than NTFS authorisation.

Thanks

Trevor

906 Views
0 Likes
marcus_sommer
MVP
MVP
‎2016-06-01 08:42 AM

In response to abm_trevor

The question from syukyo_zhu is a good one. Beside them AFAIK there is no way to look within the qmc who had access to which application. By using the NT mode or a local NT directory you will need to query the directory which groups have where access and which users belong to them. By using the DMS with a custom directory the access-informations are stored within the meta-files (which could be read from sharedfile-viewer: Re: Reading .meta file into Qlikview).

- Marcus

906 Views
0 Likes