Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
cedriclupo
New Contributor III

NTFS AD Group Authorization on access point

Hello Qlik friends,

I have created 3 folders all containing Qlik documents.

     - Project1 on folder 1

     - Project2 on folder 2

     - Governance Dashboard on folder 3

Server is part of a windows domain

Server is configured as NTFS authorization

The 3 folders are mounted and accessible by the QMC

No publisher

SMB License (no DMS)

The aim is to make appear the correct applications in the access point depending on the user AD group, keeping the NTFS inheritance on each Windows folder.

So far, it works only when I add a single user to access the file, but it does not seem to work on AD group level.

Is it something that is not set well in the QMC?

Is it recommended to create a local group containing domain group?

Thank you for your answers

Cédric

5 Replies
zhadrakas
Valued Contributor

Re: NTFS Authorization on access point

AFAIK that's not possible with ad groups. Are the user member of a ad group which aren't allowed to access this sheet you couldn't give them access in any way - one access denial meant it's always denied regardless if there are further authorizations.

This meant you need to use single user instead of user groups (this mustn't be done manually - there are ways to read an ad, for example Search Recipes | Qlikview Cookbook) or more practically by 5 users: you used a visibility-condition for this sheet like:

if(match(osuser(), 'user1', 'user2', ...), true(), false())

Re: NTFS Authorization on access point

What are the (wrong) permissions you do get when you apply your AD groups to different folders? Do all users get access to too many documents? Or is everybody denied access to every document?

cedriclupo
New Contributor III

Re: NTFS Authorization on access point

Hello Tim,

it's not about sheets but about showing the documents in access point, which means that I can't add script: this is managed by AD.

cedriclupo
New Contributor III

Re: NTFS Authorization on access point

Hi Peter,

If I input just the groups in the permissions, nobody has access to anything.

cedriclupo
New Contributor III

Re: NTFS Authorization on access point

So if I can resume, here are the possibilities:

1)  We use publisher -> we create manual groups (you can't use AD groups)

2)  We have an enterprise edition (not SBE) and we create manual groups (you can't use AD groups)

3)  We have SBE edition (no DMS possible) and we add users one by one

I wonder why we can't use AD groups, it would be so much easier as it's already set up and no risk of error. It could directly be managed by help desk.

Community Browser