Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi Team,
We have SSO implemented (using LDAP) for one of our client and they used "All Authenticated users" in QMC for access rights as they use section access to control the application to be view on access point.
Few days before a incident happen when one of the user who is not at all part of the section access script was able to view the application (thumbnail) on access point.
Can we use custom group on top of SSO to make sure we also have security maintained at QMC level rather then trusting solely on section access script.
Have anyone implemented such kind of scenario or is their better approach to avoid such scenarios
thanks in advance
-Punit
Are you using the NTNAME in the section access ?? as per my knowledge if the user is not a part of the section access and if your using NTNAME then document should not be visible
If you used a folder-structure with appropriate user(group) access-rights you could control which user get access to which application (this is independent from using of section access). By using DMS instaed of NT authentication you could manage the same within the qmc on document-level.
- Marcus
An addition: it seems to be that you used section access without the restricted mode which meant section access is more a usability feature then a security-measure, see Section Access: Strict Exclusion.
- Marcus
I think your root folder and sub folder security structure has a conflict with the access .....this might also cause the issue
This is only available if you used the DMS authentication instaed of the NT authentication - this meant by not using NT you have to create your users and user-groups within the qmc and authorize them to your documents but you didn't need to think about an autorization change then NT has more advantages then DMS and it is also the most used standard.
- Marcus
Hi Marcus_Sommer
I have tried implementing custom user and group configuration on access point but that is not working as expected.
i think this might be because we are using LDAP authentication and we cannot use both the authentication simultaneously.
Please suggest i am heading in wrong direction
Thanks,
Punit
If you don't want Documents thumbnails to be visible to users without a Section Access entry, open your document in QV Desktop and enable option "Filter AccessPoint Document List Based on Section Access" in Settings->Document Properties->Server
Peter