'QlikView Administrators' server local group audit or workings
I spent some time searching on the forum, but couldn't get to an answer on what I'm looking for.
Basically, we're being asked by auditors how does QlikView knows that the administration is only supposed to be done by those in the 'QlikView Administrators' group on the local server user & group area of the management console. I went over the QlikView Reference Manual and couldn't find any mention of this there either...
We have already answered questions about the AD config and the way applications access is done, but we couldn't show them (auditors) any evidence of the above question.
Has any of you heard or know how this works or can be proven?
Here's a reference to a post with a related question, but this one is only on the surface and about the difference between the group in question here and local server admins: QlikView Admins vs Local Admins
Re: 'QlikView Administrators' server local group audit or workings
Well, this is basic Windows Access Control. The QMC is a proprietary web site that restricts access to its pages to members of the local QlikView Administrators group only (or in a limited fashion to Document Administrators). Is your Windows account not a member of this group, then you won't get in. Every Windows AD account that is a member of this group will be able to open the QMC and do whatever they feel like.
The QlikView Management Service (that is managing the web site and displaying the pages) doesn't do this by relying on NTFS file permissions, but instead contains code that actively monitors & manages authorizations and restricts access to whatever accounts are either member of this QlikView Administrators group (full QMC access), or have been assigned the role of Document administrators (limited QMC access. See QMC->System->Setup->Distribution Serices->Your QDS->General->Source Folders)