Solved: Qlikview Security Design for a new installation - Qlik Community

Report Inappropriate Content · ‎2017-05-18

Hello:

I just completed a developer training program for Qlikview and My Company has been sold and I am being asked to do a Qlikview security design document for the new deployment.

We're going to deploy 100% on a Microsoft stack in order to take advantage of active directory authentication throughout the deployment , authenticate users in groups, regions etc etc but I really don't know if that is done 100% through the use of active directory or if that is take care of in the Qlikview server, or web server

I am aware that there's the possibility of controlling security within each Application but I'm looking for the global approach to the deployment.

We would like to have the ability to control user access by region, department or position. We could then define what our overall approach will be e.g.

each user will be assigned product group(s) and country group(s) they have authority for
is a table required to control it? what does the table look like?
where is it maintained?
Who maintains it?

I Understand if the overall question is very broad but if you could point me in the right direction I would appreciate it.

Also if you can recommend resources, websites documents or books that I could take advantage of that would be great.

Please take into account that I'm not doing a detailed technical specification but I'm more focused on getting an overall security blueprint that will be implemented by the security team.

marcus_sommer · ‎2017-05-19

The use of the active directory authentication worked in qlik like normal access rights in windows itself. The process of authenticate an user and authorize the user to certain applications is outsourced to windows and the folders/files permissions are set to groups/users per active directory. It's quite similar as if a user want to access any office-document - if the user has the right permissions the office-tool will open it.

This meant you will need to structure your applications within an appropriate folder-structure. Depending on the complexity of your access-requirements it could lead to a quite wide structure and in the worse-case with an own application for each user (with disadvantages in regard to redundancy and performance). Therefore you will quite probably need to combine this with Section Access and/or QlikView Security Video Series (5 of 8): Reduce and Loop by NT Username - YouTube to keep it practicable.

Where and from who to maintain the access-rights? It will depend how qlik will be implemented in your environment and which rules already exists to this topic.

- Marcus

View solution in original post

marcus_sommer · ‎2017-05-19

The use of the active directory authentication worked in qlik like normal access rights in windows itself. The process of authenticate an user and authorize the user to certain applications is outsourced to windows and the folders/files permissions are set to groups/users per active directory. It's quite similar as if a user want to access any office-document - if the user has the right permissions the office-tool will open it.

This meant you will need to structure your applications within an appropriate folder-structure. Depending on the complexity of your access-requirements it could lead to a quite wide structure and in the worse-case with an own application for each user (with disadvantages in regard to redundancy and performance). Therefore you will quite probably need to combine this with Section Access and/or QlikView Security Video Series (5 of 8): Reduce and Loop by NT Username - YouTube to keep it practicable.

Where and from who to maintain the access-rights? It will depend how qlik will be implemented in your environment and which rules already exists to this topic.

- Marcus