Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
uacg0009
Partner - Specialist
Partner - Specialist

Can I restrict user password or give a warning for changing the password every 30 days?

Hi all,

For security, our company want me to set a warning for every user who needs to change their password every 30 days, and also want to restrict their password, like must more than 6 bit or must start with a capital word something like that.

I don't know whether I can do that in Qlikview Server or using js, if can, how to do that?

Thanks.

Aiolos Zhao

1 Solution

Accepted Solutions
Peter_Cammaert
Partner - Champion III
Partner - Champion III

No you cannot. But that is new information so my previous replies do not apply to your situation  (it's always better to give those details from the start in your Original Post, makes discussions shorter and more to the point)

Custom directory operates its own list of user definitions which can only be managed from inside the QMC or from custom applications. You cannot mix Custom Directory with AD or any standard premission system like NTFS, simply because for example Custom Directory users do not exist in NTFS or AD. They only exist inside QlikView.

Actually, I think you answered your own question here (last sentence): Re: Can I restrict user password or give a warning for changing the password every 30 days?

You should indeed talk to your web developer. One big advantage of a system like Custom Directory is that you can extend it yourself. However, to do that you'll need someone with web programming experience, like you said yourself.

Custom Directory users are defined in an xml file called C:\ProgramData\QlikTech\DirectoryServiceConnector\CustomDirectoryData.xml. There is no tag that stores the timestamp of definition or last password change, but that can be compensated by either requesting password changes on a fixed date (for example, every first of the month) or by storing password expiry dates in a new xml file and letting the login page handle the data from these two.

Best,

Peter

View solution in original post

12 Replies
Anil_Babu_Samineni

Even Qlikview i also don't know. But by help of Javascript it is possible.

Can you start searching on JS Validation for form in html

Please add me Anil_Babu_Samineni to interact faster when reply back. Speak low think High.

Before develop something, think If placed (The Right information | To the right people | At the Right time | In the Right place | With the Right context)
uacg0009
Partner - Specialist
Partner - Specialist
Author

Thanks for reply, so do you mean I can change or add js script on login page?

Anil_Babu_Samineni

Would you mind, Can you share your login file and path where this situated in (please hide username)

And then Look Attachment

Please add me Anil_Babu_Samineni to interact faster when reply back. Speak low think High.

Before develop something, think If placed (The Right information | To the right people | At the Right time | In the Right place | With the Right context)
uacg0009
Partner - Specialist
Partner - Specialist
Author

Hi Anil,

Thank you so much for your script.

But I'm not familiar with the PHP, and don't know how to use it...

And the login file you mentioned, do you mean the session file of my qlikview server?

could you please give an example for that?

Thanks

Aiolos

Anil_Babu_Samineni

In fact, I am not familiar with Server end. I am fully into design anyway, for understand, I am expecting Access point custom Login.html page`(Figure it out, Usually they used as base the default "C:\Program Files\QlikView\Web" folder to create the folder for Login)

I am referring the same one.

Please add me Anil_Babu_Samineni to interact faster when reply back. Speak low think High.

Before develop something, think If placed (The Right information | To the right people | At the Right time | In the Right place | With the Right context)
jonathandienst
Partner - Champion III
Partner - Champion III

I assume you are using USERID/PASSWORD for opening QV documents. There is no support for password policy enforcement for the Qlikview USERID. This is only suitable for the most elementary security scenarios. You could possibly build your own policy enforcement outside of Qlikview, although the passwords will still go over the network in plain text.

Are your users on a Windows domain? You would be better off using NTNAME rather than UserID. Then you can enforce password policies through Active Directory and the passwords will not be visible anywhere and will not be sent in plain text over the network.

Logic will get you from a to b. Imagination will take you everywhere. - A Einstein
uacg0009
Partner - Specialist
Partner - Specialist
Author

Hi Jonathan,

Thanks for reply. I'm using the NTNAME to do the section access, but I'm using the Custom Directory, not AD.

And yes, we are on Windows domain.

So maybe I only can try to do it from outside, so do you mean I need to use js or web method to restrict it when I login?


Thanks

Aiolos

uacg0009
Partner - Specialist
Partner - Specialist
Author

Yes, actually I change the login.html, but only for the UI, like font color. But I don't know whether I can restrict the password when I do the login.

Anyway maybe I need to ask our web developer, thanks!

Peter_Cammaert
Partner - Champion III
Partner - Champion III

No

Typically you don't do this in QlikView or on the QlikView server or in JavaScript or wherever.

Since you are using AD to authenticate your users, you need to configure AD in such a way that

  • Passwords expire after a preset period of time, and Windows itself will inform your users when they try to log into the domain, that their password has expired and needs to be changed.
  • Group policies are configured to restrict the length, type and reuse of passwords according to you company policy.

You should talk to your SysAdmin about this.

Peter