Solved: Re: Override NTName log on - Qlik Community

Report Inappropriate Content · ‎2013-12-30

I am trying to set up and test Section Access. They main route we will use is NTName. My question/problem comes, what if I want to log on as a specific user instead of my own NTName? Is there some key-stroke that will short circuit it and skip the NT/SID checks and go straight to a manual Name/Password?

For example, I have the below section access table:

LOAD * INLINE [

ACCESS, USERID, PASSWORD, NTNAME, %SECSOURCE

ADMIN, , ,DBG\CAMARK,*

ADMIN,ADMIN,ADMIN123,,*

];

Since I am dbg\camark, it will always log me on as that user. How can i force myself to log in as the ADMIN,ADMIN123 user?

Peter_Cammaert · ‎2013-12-31

NT authentication will only fail if the current account cannot be found in the SA table.

As long as you're just testing security mechanisms (and correct reduction, I imagine) why don't you just disable the NTNAMES in your SA table for the time being? It's not that you are running any big risks if you switch them back on afterwards...

Peter

View solution in original post

maxgro · ‎2013-12-30

Hi

For qlikview desktop, I think (never tried, just an idea) you can go to Qlikview desktop application folder, hold CTRL SHIFT, right click on qv.exe and Run as a different user

For server you may setup internet explorer browser to always ask for username and password when you connect to access point

Was what you asked for?

Regards

Report Inappropriate Content · ‎2013-12-31

unfortunately, the CTRL SHIFT or even sHIFT wasn't working for me. BUt that's likely due to access restrictions at work. ALas, I guess it isn't really possible.

Peter_Cammaert · ‎2013-12-31

For the AccessPoint, there is a very simple trick to test Section Access and alternate IDs:

Publish your model on the server
Obtain sufficient usernames/passwords to test all corners of SA behavior
Start Desktop
Select File->Open in Server...
Before connecting, select option Alternate Identity on the right. Insert domainname\account in the input box.
Click connect, enter a corresponding password and select your document from the list.
Click Open
Tada!

Best,

Peter

Report Inappropriate Content · ‎2013-12-31

thanks, I'll try that once we get our servers set up. We are still in the early adoption phases and I'm doing all of the proof of concept stuff on the personal desktop version.

Peter_Cammaert · ‎2013-12-31

For your desktop, you can try the Windows RUNAS.EXE command line tool. Let's you start any Windows executable as another user. May need some configuring though.

Peter

Report Inappropriate Content · ‎2013-12-31

Yeah, I was going that route, but ran into corporate restrictions on the machine, I was so hopeful it would work for me. I can work around it, was just hoping it was kinder. In truth, I wish I could run it as no user, so the NTUSER would fail and it would ask me for a user/pass. that's really what I want to do, force the NT authentication to fail so i can input a user id

Peter_Cammaert · ‎2013-12-31

NT authentication will only fail if the current account cannot be found in the SA table.

As long as you're just testing security mechanisms (and correct reduction, I imagine) why don't you just disable the NTNAMES in your SA table for the time being? It's not that you are running any big risks if you switch them back on afterwards...

Peter

Report Inappropriate Content · ‎2013-12-31

That's exactly how i planned to work around the issue. Thanks for the ideas and help.

Peter_Cammaert · ‎2013-12-31

If you mean PE by personal desktop version, it may be close to impossible to test any other NTNAMES, as your PE version and your documents are tied into your account. And handling PE recoveries will quickly become a mess...

Peter