Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
hug_qlikview
Contributor III
Contributor III
‎2021-03-29 09:29 AM

User management

Hi,

I would like to be able to export all the users and their access to a file. I am interested in knowing what each user has assess to. I can only get one user at the time in the tab User Management the user documents (I am not interested in session statistics which gives me what the users access). 

Thanks in advance,

Maria 

690 Views
0 Likes
2 Solutions

Accepted Solutions
Lucas_Gatling
Support
Support
‎2021-03-29 12:01 PM

Maria,
Take a look at this thread: https://community.qlik.com/t5/QlikView-Administration/I-see-no-way-in-the-QMC-to-export-a-list-of-na...
If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

645 Views
0 Likes
Chip_Matejowsky
Support
Support
‎2021-03-30 02:52 PM

Hi @hug_qlikview,

If you are using DMS for authorization, then QV uses information in the <name>.qvw's corresponding <name>.meta file.  The following is from the thread @Lucas_Gatling previously provided, "What you would really need to do is use the Power Tools and the Shared File Viewer, which can read .meta files too, in order to open the .meta file and get to the assigned users/groups that way."

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!

View solution in original post

611 Views
0 Likes
7 Replies
jwjackso
Specialist III
Specialist III
‎2021-03-29 11:54 AM

This may not be what you are looking for, but we use NTFS authorization.  I found that checking the actual security on the QVWs on the AccessPortal server was more accurate than checking in the QMC.  In our development environment, a task could be disabled and if the security was changed after the last reload, the security on the QVW did not match what was in the QMC.

I used a Python script to check the security on the QVWs and email any changes to our Qlik Admins.  The Python script maintains 2 files, the current changes and all the security on the QVWs.

from os import walk
from os.path import basename
import os
import win32security
import sys

import smtplib
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import COMMASPACE, formatdate
import datetime
import time

#
# define email function
#

def send_mail(send_from, send_to, subject, text, files=None,server="127.0.0.1"):

assert isinstance(send_to, list)

msg = MIMEMultipart()
msg['From'] = send_from
msg['To'] = COMMASPACE.join(send_to)
msg['Date'] = formatdate(localtime=True)
msg['Subject'] = subject

msg.attach(MIMEText(text))

for f in files or []:
if len(f) > 0:
current_file = f
with open(current_file, "rb") as fil:
part = MIMEApplication(
fil.read(),
Name=basename(current_file)
)
# After the file is closed
part['Content-Disposition'] = 'attachment; filename="%s"' % basename(current_file)
msg.attach(part)


smtp = smtplib.SMTP(server)
smtp.sendmail(send_from, send_to, msg.as_string())
smtp.close()

#
# get parameters
#
# 1 = server
# 2 = environment (Production, Development, Test)
# 3 = default_path
#

if len(sys.argv) < 4:
sys.exit(1)
else:
server = sys.argv[1]
env = sys.argv[2]
default_path = sys.argv[3]

#
# read EmailList.txt into list
#

with open("EmailList.txt") as temp_email_list:
send_to_list = [line.rstrip('\n') for line in temp_email_list]

outputFileName = server+'fileSecurity.txt'
currentSecurityFileName = './CurrentSecurity/'+outputFileName


#
# load curent security file
#

previousSecurity=[]
if os.path.isfile(currentSecurityFileName):
cs = open(currentSecurityFileName,'r')
for l in cs:
previousSecurity.append(l.rstrip())
cs.close()

#
# loop through path and locate QVWs
#

email_flag = False

currentSecurity = []
newSecurity = []
for root, dirs, files in os.walk(default_path):
for name in files:
if name[-4:] == '.qvw':
l = ""
p = os.path.join(root,name)
try:
si = win32security.GetFileSecurity (p, win32security.DACL_SECURITY_INFORMATION)
try:
dacl = si.GetSecurityDescriptorDacl()
acl_item = []
for item in range(dacl.GetAceCount()):
try:
acl_item = dacl.GetAce(item)
try:
user_name,domain,type = win32security.LookupAccountSid (None, acl_item[2])
l = name+'\t'+p+'\t'+user_name+'('+domain+')'

currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to look up Account SID'+acl_item[2]
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to get individual ACL items'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to get ACL information'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'****ERROR**** Unable to get file security'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

#
# if new security found, update currentSecurity and newSecurity files
#

if email_flag:
cs = open(currentSecurityFileName,'w')
cs.write('QVW\tPath\tGroup or User Name\n')
for l in currentSecurity:
cs.write(l+'\n')
cs.close()

f_out = open(outputFileName,'w')
f_out.write('QVW\tPath\tGroup or User Name\n')
for l in newSecurity:
f_out.write(l+'\n')
f_out.close()

#
# email security file
#

if email_flag:
send_mail('##########@#####.###',send_to_list,env+':Qlikview Application Security',env+':Qlikview Application Security',[outputFileName],'smtp.#####.###')

email_flag = False

 

656 Views
Lucas_Gatling
Support
Support
‎2021-03-29 12:01 PM

Maria,
Take a look at this thread: https://community.qlik.com/t5/QlikView-Administration/I-see-no-way-in-the-QMC-to-export-a-list-of-na...
If the issue is solved please mark the answer with Accept as Solution.
646 Views
0 Likes
hug_qlikview
Contributor III
Contributor III
‎2021-03-29 12:10 PM
Author

Hi and thanks for you suggestion. We are using DMS authorization so I guess your script does not function for us?

 

638 Views
0 Likes
hug_qlikview
Contributor III
Contributor III
‎2021-03-29 12:22 PM
Author

In response to Lucas_Gatling

Hi Lucas and thanks for the link,

I am looking for a way to find all access all my users have, not just the user rights to one qlikview application. We are running in DMS authorization and have mainly session cals.  

Thanks,

maria 

631 Views
0 Likes
Chip_Matejowsky
Support
Support
‎2021-03-30 02:52 PM

Hi @hug_qlikview,

If you are using DMS for authorization, then QV uses information in the <name>.qvw's corresponding <name>.meta file.  The following is from the thread @Lucas_Gatling previously provided, "What you would really need to do is use the Power Tools and the Shared File Viewer, which can read .meta files too, in order to open the .meta file and get to the assigned users/groups that way."

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
612 Views
0 Likes
hug_qlikview
Contributor III
Contributor III
‎2021-03-31 05:36 AM
Author

In response to Lucas_Gatling

Hi Lucas,

We are running QV 12.2, is the ShareFileViewer available to view user access? 

Thanks for your help,

Maria 

597 Views
0 Likes
Chip_Matejowsky
Support
Support
‎2021-03-31 08:59 AM

In response to hug_qlikview

Hi @hug_qlikview,

You can find the ShareFileViewer as part of the PowerTools for QV here:  https://community.qlik.com/t5/QlikView-Documents/Power-Tools-1-3-2-for-QlikView/ta-p/1484770.

 

Best Regards

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
576 Views