QV Server Security Best Practices - Macros/Other C... - Qlik Community

deec · ‎2018-10-02

I've been working with Qlikview for quite some time, but I am new to Administering a server. In over a dozen installations of QV (separate firms) I've only ever seen macros allowed once in server.

A small subset of our developers is requesting I install Python on the windows server. I've been searching but cannot find any particular best practices or reasons why this would be problematic. I do not know much about python beyond that it is an object-oriented language. It is my understanding that I will not be able to limit what it will be able to do, and will be forced to go line-by-line anytime that python script is updated.

The reason they want python is to be able to: Build a script that can be launched from an application that opens a separate QVWs, set some selections, run a report, print it to PDF, then do the same thing with the next QVW (there are a handful), lastly it would concatenate all those PDFs into a single PDF and make it available to the user.

I am hoping NPrinting will be able to meet this requirement (creating a big fat PDF from multiple QVWs in the same server), and we can avoid the use of macros or other languages. But in the meantime, what (if any) are reasons to push back against installing Python on the QV Server?

Secondary question. Is there a reason this couldn't be done simply with macros using VB Script? why would Python be any better?

This is a single box setup with Server and Publisher on the same box.

Miguel_Angel_Baeyens · ‎2018-10-03

To your first question, NPrinting can do that: a PDF from several QVWs. There are some buts and considerations, but it is technically possible. The only reason I see to not allow macros in a productive environment is security. Macros perform actions other than the loading in the script which could impact other systems requiring having permissions on folders or services on a productive environment.

You don't see macros allowed in servers so often because they are very limited when it comes to use in an Ajax environment. Macros were a good workaround for limitations when QlikView Server or Publisher were not integrated or as developed as they are now, like, for example, let a user trigger a reload, which you can do properly using the QMC and assigning this user as a document administrator.

Also because as you point out, macros can be in different languages, most of them not allowed or not working in an Ajax environment. For example, changing the size of an object can work in Desktop/Windows because it's a Windows object, but Ajax uses a completely different way to draw objects on the screen.

Which leads to your second question: I think they are using Python because that's what they know, likely. I could also understand than VBS could be less secure, allowing more actions than Python (you cannot filter which actions do you permit on VBS, it's all or nothing), not that much on the developers side but on the consumers (if someone hacks and gets access to VBS they probably can do more harm than if they have Python).

In short: if I was tasked to do that my preference would be NPrinting (which seems to be on your way), then VBS, then anything else. And avoid macros in production because of security. Or allow them in a server different to the QVS, less exposed.

QV Server Security Best Practices - Macros/Other Code