Re: DMS security using NT users and local security... - Qlik Community

abm_trevor · ‎2016-05-31

For various reasons around client AD security rules I am trying to implement a document access regime using the following:

DMS security
Local security groups on the QlikView server
Domain (NTFS) users only within the local security groups

From a physical standpoint this works fine - the right users are getting access to the right documents via the local security groups. The issue I have is that when I look at a User in the QMC it does not reflect any of the local groups that they belong to or any of the documents they can access via the local groups. This makes it very cumbersome to establish who has access to what.

Is there a setting or something in QlikView that will allow me to display this information correctly? It will work perfectly if I use Domain security groups, but there are some logistical internal reasons that this will become very inefficient.

Thanks

Trevor

marcus_sommer · ‎2016-06-01

For me it's not quite clear what do you mean with local security groups and if you used the NT- or the DMS-mode for the authentication?

- Marcus

abm_trevor · ‎2016-06-01

Hi Marcus

As per above, I am using DMS authentication. I have created local security groups (not Domain security groups) on the QlikView server, and added domain users to those local security groups.

Hope that clarifies it.

Thanks

Trevor

awhitfield · ‎2016-06-01

Hi Trevor,

can you upload a couple of screen shots from QMC, to better illustrate the issue?

Andy

Peter_Cammaert · ‎2016-06-01

Did you create a DSC for the "Local Directory"? QMC doesn't know anything if it cannot connect by itself to the various directory services.

syukyo_zhu · ‎2016-06-01

Hi,

why didn't you try to create account directly in your serveur and use NTFS authorization? it will work better than create local accounts in QMC.

abm_trevor · ‎2016-06-01

Hi Andrew

Unfortunately it's a client's server, so I have to be discreet about what I publish. Essentially the QMC recognises the local security groups, allows me to authorise them for a document, and allows access to the users in those local groups. What it doesn't do is reflect that access in the Users section. I have access to 20 documents but the QMC says I have none.

Hope that makes sense.

abm_trevor · ‎2016-06-01

Hi Peter

Yes, and the QMC recognises the local security groups. It just doesn't reflect the document access granted via those groups.

Thanks

Trevor

abm_trevor · ‎2016-06-01

Hi

I am not creating users in the server, I am assigning domain (NT) users to local server security groups.

In this instance DMS authorisation works better for me than NTFS authorisation.

Thanks

Trevor

marcus_sommer · ‎2016-06-01

The question from syukyo_zhu is a good one. Beside them AFAIK there is no way to look within the qmc who had access to which application. By using the NT mode or a local NT directory you will need to query the directory which groups have where access and which users belong to them. By using the DMS with a custom directory the access-informations are stored within the meta-files (which could be read from sharedfile-viewer: Re: Reading .meta file into Qlikview).

- Marcus

DMS security using NT users and local security groups