punitpopli
Specialist

Custom group on top of SSO

Hi Team,

We have SSO implemented (using LDAP) for one of our clients, and they used "All Authenticated users" in QMC for access rights, as they use section access to control the applications to be viewed on the access point.

A few days ago an incident happened when one of the users, who is not at all part of the section access script, was able to view the application (thumbnail) on the access point.

Can we use a custom group on top of SSO to make sure we also have security maintained at the QMC level, rather than relying solely on the section access script?

Has anyone implemented this kind of scenario, or is there a better approach to avoid such scenarios?

Thanks in advance

-Punit

11 Replies
avinashelite

Are you using NTNAME in the section access? As per my knowledge, if the user is not a part of the section access and you're using NTNAME, then the document should not be visible.

marcus_sommer

If you used a folder structure with appropriate user (group) access rights, you could control which user gets access to which application (this is independent of using section access). By using DMS instead of NT authentication you could manage the same within the QMC at document level.

- Marcus

punitpopli
Specialist
Author

Hi Avinashelite

Yes, we are using NTNAME in the section access script.

Thanks,

Punit

marcus_sommer

An addition: it seems that you used section access without the restricted mode, which means section access is more a usability feature than a security measure; see Section Access: Strict Exclusion.

- Marcus

avinashelite

I think your root folder and subfolder security structure has a conflict with the access... this might also cause the issue.

punitpopli
Specialist
Author

Hi Marcus_Sommer

Thanks for your reply.

Do you mean creating a custom group at the QMC level?

Thanks,

Punit

marcus_sommer

This is only available if you used DMS authentication instead of NT authentication - this means that by not using NT you have to create your users and user groups within the QMC and authorize them to your documents, but you didn't need to think about an authorization change then NT has more advantages than DMS and it is also the most used standard.

- Marcus

punitpopli
Specialist
Author

Hi Marcus_Sommer

I have tried implementing custom user and group configuration on the access point, but that is not working as expected.

I think this might be because we are using LDAP authentication and we cannot use both authentications simultaneously.

Please suggest if I am heading in the wrong direction.

Thanks,

Punit

Peter_Cammaert
Partner - Champion III

If you don't want document thumbnails to be visible to users without a Section Access entry, open your document in QV Desktop and enable the option "Filter AccessPoint Document List Based on Section Access" in Settings->Document Properties->Server.

Peter