Qlik Community

QlikView Management

Discussion Board for collaboration on QlikView Management.

Highlighted
Not applicable

'QlikView Administrators' server local group audit or workings

Hey everyone,

I spent some time searching on the forum, but couldn't get to an answer on what I'm looking for.

Basically, we're being asked by auditors how does QlikView knows that the administration is only supposed to be done by those in the 'QlikView Administrators' group on the local server user & group area of the management console. I went over the QlikView Reference Manual and couldn't find any mention of this there either...

We have already answered questions about the AD config and the way applications access is done, but we couldn't show them (auditors) any evidence of the above question.

Has any of you heard or know how this works or can be proven?

Here's a reference to a post with a related question, but this one is only on the surface and about the difference between the group in question here and local server admins: QlikView Admins vs Local Admins

Thanks in advanced!

Alex

1 Solution

Accepted Solutions
MVP
MVP

Re: 'QlikView Administrators' server local group audit or workings

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

View solution in original post

5 Replies
gregortvw
New Contributor III

Re: 'QlikView Administrators' server local group audit or workings

Hello Alex,

you can also try this post, it's also related to your question. Group Names in User Management?

Another question is about security audit.

If you have QV-Admin rights for the server, worst case, you can obtain access to all apps in the qmc, exepting those one with section access.

Regards

balrajahlawat
Esteemed Contributor

Re: 'QlikView Administrators' server local group audit or workings

may get some evidence from Qliktech Support?

MVP
MVP

Re: 'QlikView Administrators' server local group audit or workings

May be this from ref manual is what you are looking for.

Untitled.png

Untitled.png

View solution in original post

Re: 'QlikView Administrators' server local group audit or workings

Well, this is basic Windows Access Control. The QMC is a proprietary web site that restricts access to its pages to members of the local QlikView Administrators group only (or in a limited fashion to Document Administrators). Is your Windows account not a member of this group, then you won't get in. Every Windows AD account that is a member of this group will be able to open the QMC and do whatever they feel like.

The QlikView Management Service (that is managing the web site and displaying the pages) doesn't do this by relying on NTFS file permissions, but instead contains code that actively monitors & manages authorizations and restricts access to whatever accounts are either member of this QlikView Administrators group (full QMC access), or have been assigned the role of Document administrators (limited QMC access. See QMC->System->Setup->Distribution Serices->Your QDS->General->Source Folders)

Peter

Not applicable

Re: 'QlikView Administrators' server local group audit or workings

Thank you tresesco! this should be perfect.