Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Clever_Anjos
Employee
Employee

QlikView Server SBE + Custom Directory + Section Access

I´m facing a problem trying to enable some users to see their documents into Access Point. I want that users listed under "Section Access" should be able to see (and open) documents in AP.

Our enviroment

  1. QlikView Server Small Business (DISABLE_DMS;YES;;)
  2. Custom Directory
  3. Section Access into my applications (please see below a sample)
  4. Document Properties / Server / [Filter AccesPoint Document List..] checked

Script sample:

SECTION ACCESS;

LOAD * INLINE [

    ACCESS, NTNAME

    ADMIN, SRVQLIKVIEW01\qlikview  

    ADMIN, SRVQLIKVIEW01\qvapp

    USER, CUSTOM\CLEVER.ANJOS

];


Issue:

CUSTOM\CLEVER.ANJOS  does not see any document

Any hint or help?

Labels (1)
1 Solution

Accepted Solutions
Peter_Cammaert
Partner - Champion III
Partner - Champion III

Spot on: IMHO in an SBE environment, Custom directories (any kind) are useless. Without DMS, only AD, Windows NT and Local directory DSC's serve a purpose. And the point is that QlikView Server doesn't even need a corresponding DSC for file access because AD & NTFS will do it all by themselves.

ACL's: that's just a reference to the generic concept of Access Control Lists = permission specifications by way of lists of access definitions and interdependencies. Probably way different in DMS vs NTFS.

Have a nice New Years Eve.

Peter

View solution in original post

9 Replies
swuehl
MVP
MVP

Leaving the section access aside for a moment (assuming it has been disabled), how do you want to give your custom users authorization to open the QVW in accesspoint without DMS?

swuehl
MVP
MVP

And leaving DMS issue aside, I think you can't use NTNAME with a custom user. You would need to use USERID and PASSWORD (yes, I think you need to state the password, so user would need to login again).

Peter_Cammaert
Partner - Champion III
Partner - Champion III

Great double response, Stefan. And entirely correct (as expected )

Peter_Cammaert
Partner - Champion III
Partner - Champion III

In order to shed some light on the real issue, please allowe me (legends, I still bow to you in any case) .

Authentication will work with any DSC under both SBC and EE QVS control. The custom directory will return a valid ID, and Windows will accept the AD Kerberos tokens.

However, authorization will have an issue with figuring out permissions to QVW files for IDs that don't really exist in AD (and as a result, neither do they exist for NTFS). Since SBE doesn't allow authorizations to be stored in DMS and managed by QV itself, nobody will be able to tell whether a Custom Directory ID is allowed to open a strictly NTFS-controlled document.

ACL's and such. It works very well though

'night,

Peter

Peter_Cammaert
Partner - Champion III
Partner - Champion III

(It's still a bit "weird" for Q in L, SE to allow configuration of Custom Directories in an SBE environment without warning the user/admin about the possible issues. And the Docs remain silent about this conflict as well. Marketing? Still a mystery to tech guys like me...)

Clever_Anjos
Employee
Employee
Author

swuehl‌, you´re correct,

Checking here a Custom User can´t see any doc.

DMS is disabled by license, can´t change that

Clever_Anjos
Employee
Employee
Author

It is very comforting to count on the support of colleagues as you both.

From what I understand, I can not use in a SBE the authority to limit the access of users to see applications using the SBE + Custom Directory?

In addition, Custom Directory for SBE is useless?

pcammaert‌, would you mind explaining me about your reference to ACL?

Peter_Cammaert
Partner - Champion III
Partner - Champion III

Spot on: IMHO in an SBE environment, Custom directories (any kind) are useless. Without DMS, only AD, Windows NT and Local directory DSC's serve a purpose. And the point is that QlikView Server doesn't even need a corresponding DSC for file access because AD & NTFS will do it all by themselves.

ACL's: that's just a reference to the generic concept of Access Control Lists = permission specifications by way of lists of access definitions and interdependencies. Probably way different in DMS vs NTFS.

Have a nice New Years Eve.

Peter

Clever_Anjos
Employee
Employee
Author

Thanks a lot