Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-02-11 04:10 PM

Qlikview Application Security

Hi

We have multiple applications in the same folder(root folder), but we want to show some application for some users in accesspoint and others shouldn't view the application in accesspoint. Can we do apply security in app level?

I believe we can do this in adding or removing user group in application properties.

Thanks

Sat

Preview file
14 KB
1,547 Views
0 Likes
9 Replies
prieper
Master II
Master II
‎2016-02-11 04:59 PM

Please check SECTION ACCESS.

Users are able to see only those documents, for which they have access.

Peter

735 Views
satishkurra
Specialist II
Specialist II
‎2016-02-11 05:05 PM

Please check the attached document

Preview file
209 KB
735 Views
0 Likes
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2016-02-11 05:17 PM

If you don't have Publisher, you can control access by setting the Windows Security permissions on the file. This is sometimes made easier by putting the apps in separate folders so you don't have to worry about file permissions getting overlayed by folder permissions.

-Rob

http://masterssummit.com

http://qlikviewcookbook.com

735 Views
sfatoux72
Partner - Specialist
Partner - Specialist
‎2016-02-11 06:04 PM

Document Level Authorization

Once a user has been authenticated, QlikView Server typically handles authorization on its own. QlikView Server provides the choice between storing the ACL information as Windows NTFS privileges (applicable only when the user is authenticated using a Windows user identity) or by storing the ACL information in the internal repository, Document Metadata Service (DMS), in QlikView. The choice of NTFS or DMS affects the access to all documents in QlikView Server.

NTFS vs. DMS

QlikView Server can use the NTFS privileges of the Windows file system to store authorization information. When in NTFS authorization mode, QlikView Server controls access to a given QlikView document by determining if the authenticated user has NTFS privileges to the underlying QlikView document file (.qvw). This is based on the operating system privileges and Windows NTFS is used for the ACL. The privileges of the authenticated user are configured by a server administrator using standard Windows Explorer functionality via directory properties options.

As an alternative to Windows NTFS, QlikView can use its own ACL, DMS. Unlike NTFS, this allows non-Windows users and groups to be authorized to access applications and data. DMS integrates fully with the existing Directory Service Provider (for example, Active Directory, other LDAP) where Group Membership has been recorded – this is a mechanism by which QlikView Server can re-use existing enterprise accounts and group structures. The permitted users or groups are recorded in a meta file that resides next to the QlikView document, and it is managed using QMC.

NTFS is the default document authorization model, suitable when all users and groups are identified in Active Directory or locally on the QlikView Server host. The NTFS permissions may be inherited from the directory that the QlikView documents are in, or may be assigned using QlikView Publisher distribution tasks.

DMS is required when the authenticated user identity is not a Windows user account. The DMS permissions are explicitly assigned using QMC, or may be assigned using QlikView Publisher distribution tasks.

DMS is only available with QlikView Server Enterprise Edition

735 Views
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2016-02-11 06:15 PM

In response to sfatoux72

Good point. If you have EE Server, you can use DMS for authorization. Much easier than changing windows permissions, because you can manage it from the QMC.

-Rob

735 Views
0 Likes
jagan
Luminary Alumni
Luminary Alumni
‎2016-02-12 12:39 AM

Hi,

Try Section Access for this.  There are lot of examples in Community and in Qlikview help file.

Authentication and Authorization in Qlikview

If you just want user level then use below script

Section Access;

LOAD * INLINE [

    ACCESS, USERID

    ADMIN, Admin

    USER, Sales

    USER, Market

];

Section Application;

Regards,

jagan.

735 Views
saimahasan
Partner - Creator III
Partner - Creator III
‎2016-02-12 01:21 AM

Yes you can restrict the users with the help of Section Access.

With this respect, only the authorized users will b able to view the apps.

735 Views
0 Likes
kaushiknsolanki
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2016-02-12 01:46 AM

Hi,

If you do not have Enterprise Edition and if you are having Small Business Edition then you can also use the Windows Setting to restrict use to view applications on accesspoint.

All you have to do is for each of the application, go to properties and remove the Users Group from security and add only users which should have access to that document (Application).

Once you do this, restart Qlik Services to take immediate effect.

Regards,

Kaushik Solanki

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
735 Views
0 Likes
Not applicable
‎2016-02-12 10:41 AM
Author


Thank you all for your replies. We will go with section access if we can't do anything on windows level because we are not going to apply the data level security.

We are going to migrate current server to new server with DMS authentication. We will try Sébastien Fatoux recommendation.

735 Views
0 Likes