Qlik Community

QlikView Management

Discussion Board for collaboration on QlikView Management.

abm_trevor
New Contributor II

DMS security using NT users and local security groups

For various reasons around client AD security rules I am trying to implement a document access regime using the following:

  • DMS security
  • Local security groups on the QlikView server
  • Domain (NTFS) users only within the local security groups

From a physical standpoint this works fine - the right users are getting access to the right documents via the local security groups.  The issue I have is that when I look at a User in the QMC it does not reflect any of the local groups that they belong to or any of the documents they can access via the local groups.  This makes it very cumbersome to establish who has access to what.

Is there a setting or something in QlikView that will allow me to display this information correctly?  It will work perfectly if I use Domain security groups, but there are some logistical internal reasons that this will become very inefficient.

Thanks

Trevor

15 Replies

Re: DMS security using NT users and local security groups

For me it's not quite clear what do you mean with local security groups and if you used the NT- or the DMS-mode for the authentication?

- Marcus

abm_trevor
New Contributor II

Re: DMS security using NT users and local security groups

Hi Marcus

As per above, I am using DMS authentication.  I have created local security groups (not Domain security groups) on the QlikView server, and added domain users to those local security groups.

Hope that clarifies it.

Thanks

Trevor

awhitfield
Esteemed Contributor

Re: DMS security using NT users and local security groups

Hi Trevor,

can you upload a couple of screen shots from QMC, to better illustrate the issue?

Andy

Re: DMS security using NT users and local security groups

Did you create a DSC for the "Local Directory"? QMC doesn't know anything if it cannot connect by itself to the various directory services.

syukyo_zhu
Contributor III

Re: DMS security using NT users and local security groups

Hi,

why didn't you try to create account directly in your serveur and use NTFS authorization? it will work better than create local accounts in QMC.

abm_trevor
New Contributor II

Re: DMS security using NT users and local security groups

Hi Andrew

Unfortunately it's a client's server, so I have to be discreet about what I publish.  Essentially the QMC recognises the local security groups, allows me to authorise them for a document, and allows access to the users in those local groups.  What it doesn't do is reflect that access in the Users section.  I have access to 20 documents but the QMC says I have none.

Hope that makes sense.

abm_trevor
New Contributor II

Re: DMS security using NT users and local security groups

Hi Peter

Yes, and the QMC recognises the local security groups.  It just doesn't reflect the document access granted via those groups.

Thanks

Trevor

abm_trevor
New Contributor II

Re: DMS security using NT users and local security groups

Hi

I am not creating users in the server, I am assigning domain (NT) users to local server security groups.

In this instance DMS authorisation works better for me than NTFS authorisation.

Thanks

Trevor

Re: DMS security using NT users and local security groups

The question from syukyo_zhu is a good one. Beside them AFAIK there is no way to look within the qmc who had access to which application. By using the NT mode or a local NT directory you will need to query the directory which groups have where access and which users belong to them. By using the DMS with a custom directory the access-informations are stored within the meta-files (which could be read from sharedfile-viewer: Re: Reading .meta file into Qlikview).

- Marcus

Community Browser