Qlik Community

QlikView Publisher

Discussion Board for collaboration on QlikView Publisher.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
Not applicable

Security implementation on application distributed using publisher

Dear all,

I am trying to reduce and distribute a qlikview application using publisher and the distribution works fine.I have implemented security based on NTName and Password using section access on the application and im using DMS mode of authentication on the server.

The problem is when the user tries to access the distributed application through access point they are being asked for user id and password, but i am using section access to implement security on the application.

Along with the distributed applications there are 2 other applications which are not reduced/distributed and the users are able to access them without having to enter user id and password.My doubt is why is that only for distributed applications users are prompted for id and password ? Section access does not apply on distributed applications ? Kindly help me resolve this issue.

Thanks in advance!

Punar

Tags (1)
7 Replies
bnichol
Valued Contributor

Security implementation on application distributed using publisher

How do you have security configured for the 3 applications?  I presume the 2 that users aren't prompted for authentication are set with anonymous.

In AccessPoint, who is identified as "Logged in as:"?  If you are using DMS, the user is probably identified as anonymous.

What server, version, and client are you using?

B

Security implementation on application distributed using publisher

Hello Punar,

NTNAME and PASSWORD fields are incompatible in the same record of section access. NTNAME takes the credentials either when the user types them in the dialog or when they are passed directly (because of server configuration, for example) to the Server.

Try removing the PASSWORD field and see if that behaves as expected.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Not applicable

Security implementation on application distributed using publisher

Hi bnichol,

Yes you are right, the two applications that does not prompt for user id and password are with anonymous.

In the access point the users are identified as themselves only, not anonymous.

We are using QlikView Server 10.2 with IE plugin.The other difference between the application is this one is distributed.

Thanks

Punar

Not applicable

Security implementation on application distributed using publisher

Hi bnichol and Miguel,

I forgot to mention one thing, there are 2 admin users.When they try accessing the distributed applications they are not prompted for user id and password , does the role have any significance on this ?

Punar

Security implementation on application distributed using publisher

Hello Punar,

That shouldn't affect, in any way other than that they have their browsers set up to pass their credentials without being prompted. Apart from that, section access applies for all, although they are allowed to see all records with no reduction.

Anyway it all depends on how you have your section access, if you are using some "*" as value for their PASSWORD field or something.

Regards.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Not applicable

Security implementation on application distributed using publisher

Hi Miguel,

Oh yes i am using * for the password and userid fields, will that be a problem ? But i still dont understand why this happens only on distributed applications ? Will section access be considered after distribution ?

Thanks

Punar

Security implementation on application distributed using publisher

Hello Punar,

In version 10, Section Access is taken into account by the Publisher and the distribution tasks. Depending on what you want to get, though, it might make no sense. Say that you want to distribute by employee. The distribution tasks is already reducing data, so a section access here is useless, since the user already gets the document with only the data he or she can see.

Using the "*" is not a problem if you use it carefully (otherwise you can grant access to more users than intended).

Anyway, a sample of your section access script would help us to understand better your issues.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Community Browser