Skip to main content
Announcements
See why Qlik was named a Leader in the 2024 Gartner® Magic Quadrant™ for Data Integration Tools for the ninth year in a row: Get the report
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

'QlikView Administrators' server local group audit or workings

Hey everyone,

I spent some time searching on the forum, but couldn't get to an answer on what I'm looking for.

Basically, we're being asked by auditors how does QlikView knows that the administration is only supposed to be done by those in the 'QlikView Administrators' group on the local server user & group area of the management console. I went over the QlikView Reference Manual and couldn't find any mention of this there either...

We have already answered questions about the AD config and the way applications access is done, but we couldn't show them (auditors) any evidence of the above question.

Has any of you heard or know how this works or can be proven?

Here's a reference to a post with a related question, but this one is only on the surface and about the difference between the group in question here and local server admins: QlikView Admins vs Local Admins

Thanks in advanced!

Alex

1 Solution

Accepted Solutions
tresesco
MVP
MVP

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

View solution in original post

5 Replies
gregortvw
Contributor III
Contributor III

Hello Alex,

you can also try this post, it's also related to your question. Group Names in User Management?

Another question is about security audit.

If you have QV-Admin rights for the server, worst case, you can obtain access to all apps in the qmc, exepting those one with section access.

Regards

Anonymous
Not applicable
Author

may get some evidence from Qliktech Support?

tresesco
MVP
MVP

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

Peter_Cammaert
Partner - Champion III
Partner - Champion III

Well, this is basic Windows Access Control. The QMC is a proprietary web site that restricts access to its pages to members of the local QlikView Administrators group only (or in a limited fashion to Document Administrators). Is your Windows account not a member of this group, then you won't get in. Every Windows AD account that is a member of this group will be able to open the QMC and do whatever they feel like.

The QlikView Management Service (that is managing the web site and displaying the pages) doesn't do this by relying on NTFS file permissions, but instead contains code that actively monitors & manages authorizations and restricts access to whatever accounts are either member of this QlikView Administrators group (full QMC access), or have been assigned the role of Document administrators (limited QMC access. See QMC->System->Setup->Distribution Serices->Your QDS->General->Source Folders)

Peter

Not applicable
Author

Thank you tresesco! this should be perfect.