Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2025: 3 days of full immersion in data, analytics, and AI. May 13-15 | Orlando, FL: Learn More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2011-07-06 03:43 AM

Single sign-on and security issue

Hi,

Today I've a very unsafe environment: publisher loop&reduce a qvw file into file_usr1...file_usrXXX, each file with the only specific data for the corresponding user.

Each user access the document with IE client or Ajax in anonymous way.

The only security is the portal link that redirects the user to the appropriate document.

The problem is that access point is free...so anyone logged in the intranet, knowning the link, can access every document...

My portal implement SSO policy...so I think the best way to implement security is integrate qv server with my sso infrastructure.

How can I do this?

Can I continue to use my loop&reduce ploicy generatinx one file for each user, or the best solution is to use section access in the qvw document, reducing document on the fly?

IMPORTANT: my user number is around 400...and is always in change...so is impossible to map each user on the section access....

Can anyone help me?

thank you in advance!

Matteo

1,221 Views
0 Likes
4 Replies
kaushiknsolanki
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2011-07-06 03:52 AM

Hi,

   I feel the Section Access is the way to do this.

   As you said you have 400 changing users.

  For that you can use the Excel sheet to manage them, and use the excel sheet in Section Access.

Regards,

Kaushik Solanki

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
274 Views
0 Likes
Anonymous
Not applicable
‎2011-07-06 04:12 AM
Author

In response to kaushiknsolanki

Thank you!

So I think I've to define for each document a section like this:

SECTION ACCESS;

LOAD

UPPER(Level) AS ACCESS,

UPPER(DomainName) AS NTNAME,

UPPER(PASSWORD) AS PASSWORD

FROM Access.XLSX;

The only informations I know is the ACCESS and the NTNAME, I don't know password. How can I retrieve the informations of a logged user from the Portal SSO system?

I need to retrieve the user informations from SSO and not from Active directory or operating system:

A user log-on in the portal with username and password, a sso cookie is created...he cliks the link to the document and at this moment I need to retrieve the information about who is trying to open the document and check if he's the permission to do that...how can I do that?

Thank you

274 Views
0 Likes
kaushiknsolanki
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2011-07-06 04:30 AM

In response to Anonymous

Hi,

   Instead of Password you can have NTDOMAINSID.

   For more on section access read below document.

   http://community.qlik.com/docs/DOC-1853

Regards,

Kaushik Solanki

Please remember to hit the 'Like' button and for helpful answers and resolutions, click on the 'Accept As Solution' button. Cheers!
274 Views
Anonymous
Not applicable
‎2011-07-06 04:33 AM
Author

In response to kaushiknsolanki

Thank you!

I'll try it!

274 Views
0 Likes