Qlik Community

QlikView Administration

Discussion Board for collaboration on QlikView Management.

Announcements
IMPORTANT security patches for GeoAnalytics Server available to download: READ DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
hug_qlikview
Contributor III
Contributor III

User management

Hi,

I would like to be able to export all the users and their access to a file. I am interested in knowing what each user has assess to. I can only get one user at the time in the tab User Management the user documents (I am not interested in session statistics which gives me what the users access). 

Thanks in advance,

Maria 

7 Replies
jwjackso
Specialist III
Specialist III

This may not be what you are looking for, but we use NTFS authorization.  I found that checking the actual security on the QVWs on the AccessPortal server was more accurate than checking in the QMC.  In our development environment, a task could be disabled and if the security was changed after the last reload, the security on the QVW did not match what was in the QMC.

I used a Python script to check the security on the QVWs and email any changes to our Qlik Admins.  The Python script maintains 2 files, the current changes and all the security on the QVWs.

from os import walk
from os.path import basename
import os
import win32security
import sys

import smtplib
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import COMMASPACE, formatdate
import datetime
import time

#
# define email function
#

def send_mail(send_from, send_to, subject, text, files=None,server="127.0.0.1"):

assert isinstance(send_to, list)

msg = MIMEMultipart()
msg['From'] = send_from
msg['To'] = COMMASPACE.join(send_to)
msg['Date'] = formatdate(localtime=True)
msg['Subject'] = subject

msg.attach(MIMEText(text))

for f in files or []:
if len(f) > 0:
current_file = f
with open(current_file, "rb") as fil:
part = MIMEApplication(
fil.read(),
Name=basename(current_file)
)
# After the file is closed
part['Content-Disposition'] = 'attachment; filename="%s"' % basename(current_file)
msg.attach(part)


smtp = smtplib.SMTP(server)
smtp.sendmail(send_from, send_to, msg.as_string())
smtp.close()

#
# get parameters
#
# 1 = server
# 2 = environment (Production, Development, Test)
# 3 = default_path
#

if len(sys.argv) < 4:
sys.exit(1)
else:
server = sys.argv[1]
env = sys.argv[2]
default_path = sys.argv[3]

#
# read EmailList.txt into list
#

with open("EmailList.txt") as temp_email_list:
send_to_list = [line.rstrip('\n') for line in temp_email_list]

outputFileName = server+'fileSecurity.txt'
currentSecurityFileName = './CurrentSecurity/'+outputFileName


#
# load curent security file
#

previousSecurity=[]
if os.path.isfile(currentSecurityFileName):
cs = open(currentSecurityFileName,'r')
for l in cs:
previousSecurity.append(l.rstrip())
cs.close()

#
# loop through path and locate QVWs
#

email_flag = False

currentSecurity = []
newSecurity = []
for root, dirs, files in os.walk(default_path):
for name in files:
if name[-4:] == '.qvw':
l = ""
p = os.path.join(root,name)
try:
si = win32security.GetFileSecurity (p, win32security.DACL_SECURITY_INFORMATION)
try:
dacl = si.GetSecurityDescriptorDacl()
acl_item = []
for item in range(dacl.GetAceCount()):
try:
acl_item = dacl.GetAce(item)
try:
user_name,domain,type = win32security.LookupAccountSid (None, acl_item[2])
l = name+'\t'+p+'\t'+user_name+'('+domain+')'

currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to look up Account SID'+acl_item[2]
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to get individual ACL items'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'***ERROR*** Unable to get ACL information'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

except:
l = name+'\t'+p+'\t'+'****ERROR**** Unable to get file security'
currentSecurity.append(l)
if l not in previousSecurity:
email_flag = True
newSecurity.append(l)

#
# if new security found, update currentSecurity and newSecurity files
#

if email_flag:
cs = open(currentSecurityFileName,'w')
cs.write('QVW\tPath\tGroup or User Name\n')
for l in currentSecurity:
cs.write(l+'\n')
cs.close()

f_out = open(outputFileName,'w')
f_out.write('QVW\tPath\tGroup or User Name\n')
for l in newSecurity:
f_out.write(l+'\n')
f_out.close()

#
# email security file
#

if email_flag:
send_mail('##########@#####.###',send_to_list,env+':Qlikview Application Security',env+':Qlikview Application Security',[outputFileName],'smtp.#####.###')

email_flag = False

 

Lucas_Gatling
Support
Support

Maria,
Take a look at this thread: https://community.qlik.com/t5/QlikView-Administration/I-see-no-way-in-the-QMC-to-export-a-list-of-na...
If the issue is solved please mark the answer with Accept as Solution.
hug_qlikview
Contributor III
Contributor III
Author

Hi and thanks for you suggestion. We are using DMS authorization so I guess your script does not function for us?

 

hug_qlikview
Contributor III
Contributor III
Author

Hi Lucas and thanks for the link,

I am looking for a way to find all access all my users have, not just the user rights to one qlikview application. We are running in DMS authorization and have mainly session cals.  

Thanks,

maria 

Chip_Matejowsky
Support
Support

Hi @hug_qlikview,

If you are using DMS for authorization, then QV uses information in the <name>.qvw's corresponding <name>.meta file.  The following is from the thread @Lucas_Gatling previously provided, "What you would really need to do is use the Power Tools and the Shared File Viewer, which can read .meta files too, in order to open the .meta file and get to the assigned users/groups that way."

Best Regards

Sr. Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
hug_qlikview
Contributor III
Contributor III
Author

Hi Lucas,

We are running QV 12.2, is the ShareFileViewer available to view user access? 

Thanks for your help,

Maria 

Chip_Matejowsky
Support
Support

Hi @hug_qlikview,

You can find the ShareFileViewer as part of the PowerTools for QV here:  https://community.qlik.com/t5/QlikView-Documents/Power-Tools-1-3-2-for-QlikView/ta-p/1484770.

 

Best Regards

Sr. Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!