Discussion Board for collaboration on QlikView Security and Governance.
I was wondering if anyone had a naming convention they used for AD roles for maintaining both security to the Application folders and also for section access and loop and reduce.
All access role QV Professional Billing Executive RESOURCES
Limited section access role QV Professional Billing Manager RESOURCES
or access by area
QV Professional Billing Manager North Campus RESOURCES
QV Professional Billing Manager South Campus RESOURCES..
Does anyone maintain a separate OU for their QV Application Roles?
Who manages access? I am afraid since we used role based access I will have AD Roles blow up when security decided to give access to a ROLE instead of by users directly.
I've seen customers set up different ways, but the one I like the best is:
Separate OU for Qlikview.
Group for every Document named: Qv Users - document name (eg Sales).
Group for developers that covers write access to the common development directories: QV Developers.
Group for restricted developer directories: QV Developers - Payroll
Group owner approves membership in group. AD security team does the update. The OU can be delegated to QV Admin if desired.
That looks like a good plan. I will have to try to sell it up the chain.