Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cedriclupo
Partner - Contributor III
Partner - Contributor III
‎2016-11-07 02:57 PM

NTFS AD Group Authorization on access point

Hello Qlik friends,

I have created 3 folders all containing Qlik documents.

     - Project1 on folder 1

     - Project2 on folder 2

     - Governance Dashboard on folder 3

Server is part of a windows domain

Server is configured as NTFS authorization

The 3 folders are mounted and accessible by the QMC

No publisher

SMB License (no DMS)

The aim is to make appear the correct applications in the access point depending on the user AD group, keeping the NTFS inheritance on each Windows folder.

So far, it works only when I add a single user to access the file, but it does not seem to work on AD group level.

Is it something that is not set well in the QMC?

Is it recommended to create a local group containing domain group?

Thank you for your answers

Cédric

Preview file
20 KB
2,260 Views
0 Likes
5 Replies
zhadrakas
Specialist II
Specialist II
‎2016-11-08 05:32 AM

AFAIK that's not possible with ad groups. Are the user member of a ad group which aren't allowed to access this sheet you couldn't give them access in any way - one access denial meant it's always denied regardless if there are further authorizations.

This meant you need to use single user instead of user groups (this mustn't be done manually - there are ways to read an ad, for example Search Recipes | Qlikview Cookbook) or more practically by 5 users: you used a visibility-condition for this sheet like:

if(match(osuser(), 'user1', 'user2', ...), true(), false())

1,703 Views
0 Likes
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2016-11-08 09:25 AM

What are the (wrong) permissions you do get when you apply your AD groups to different folders? Do all users get access to too many documents? Or is everybody denied access to every document?

1,703 Views
0 Likes
cedriclupo
Partner - Contributor III
Partner - Contributor III
‎2016-11-08 11:43 AM
Author

In response to zhadrakas

Hello Tim,

it's not about sheets but about showing the documents in access point, which means that I can't add script: this is managed by AD.

1,703 Views
0 Likes
cedriclupo
Partner - Contributor III
Partner - Contributor III
‎2016-11-08 11:44 AM
Author

In response to Peter_Cammaert

Hi Peter,

If I input just the groups in the permissions, nobody has access to anything.

1,703 Views
0 Likes
cedriclupo
Partner - Contributor III
Partner - Contributor III
‎2016-11-10 08:32 AM
Author

So if I can resume, here are the possibilities:

1)  We use publisher -> we create manual groups (you can't use AD groups)

2)  We have an enterprise edition (not SBE) and we create manual groups (you can't use AD groups)

3)  We have SBE edition (no DMS possible) and we add users one by one

I wonder why we can't use AD groups, it would be so much easier as it's already set up and no risk of error. It could directly be managed by help desk.

1,703 Views
0 Likes