Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Not applicable

Override NTName log on

I am trying to set up and test Section Access.  They main route we will use is NTName.  My question/problem comes, what if I want to log on as a specific user instead of my own NTName?  Is there some key-stroke that will short circuit it and skip the NT/SID checks and go straight to a manual Name/Password?

For example, I have the below section access table:

LOAD * INLINE [

    ACCESS, USERID, PASSWORD, NTNAME, %SECSOURCE

  ADMIN, , ,DBG\CAMARK,*

  ADMIN,ADMIN,ADMIN123,,*

];

Since I am dbg\camark, it will always log me on as that user.  How can i force myself to log in as the ADMIN,ADMIN123 user?

1 Solution

Accepted Solutions

Re: Override NTName log on

NT authentication will only fail if the current account cannot be found in the SA table.

As long as you're just testing security mechanisms (and correct reduction, I imagine) why don't you just disable the NTNAMES in your SA table for the time being? It's not that you are running any big risks if you switch them back on afterwards...

Peter

9 Replies
MVP
MVP

Re: Override NTName log on

Hi

For qlikview desktop, I think (never tried, just an idea) you can go to Qlikview desktop application folder, hold CTRL SHIFT, right click on qv.exe and Run as a different user

For server you may setup internet explorer browser to always ask for username and password when you connect to access point

Was what you asked for?

Regards

Not applicable

Re: Override NTName log on

unfortunately, the CTRL SHIFT or even sHIFT wasn't working for me.  BUt that's likely due to access restrictions at work.  ALas, I guess it isn't really possible.

Re: Override NTName log on

For the AccessPoint, there is a very simple trick to test Section Access and alternate IDs:

  • Publish your model on the server
  • Obtain sufficient usernames/passwords to test all corners of SA behavior
  • Start Desktop
  • Select File->Open in Server...
  • Before connecting, select option Alternate Identity on the right. Insert domainname\account in the input box.
  • Click connect, enter a corresponding password and select your document from the list.
  • Click Open
  • Tada!

Best,

Peter

Not applicable

Re: Override NTName log on

thanks, I'll try that once we get our servers set up.  We are still in the early adoption phases and I'm doing all of the proof of concept stuff on the personal desktop version.

Re: Override NTName log on

For your desktop, you can try the Windows RUNAS.EXE command line tool. Let's you start any Windows executable as another user. May need some configuring though.

Peter

Not applicable

Re: Override NTName log on

Yeah, I was going that route, but ran into corporate restrictions on the machine, I was so hopeful it would work for me.  I can work around it, was just hoping it was kinder.  In truth, I wish I could run it as no user, so the NTUSER would fail and it would ask me for a user/pass.  that's really what I want to do, force the NT authentication to fail so i can input a user id

Re: Override NTName log on

NT authentication will only fail if the current account cannot be found in the SA table.

As long as you're just testing security mechanisms (and correct reduction, I imagine) why don't you just disable the NTNAMES in your SA table for the time being? It's not that you are running any big risks if you switch them back on afterwards...

Peter

Not applicable

Re: Override NTName log on

That's exactly how i planned to work around the issue.  Thanks for the ideas and help.

Re: Override NTName log on

If you mean PE by personal desktop version, it may be close to impossible to test any other NTNAMES, as your PE version and your documents are tied into your account. And handling PE recoveries will quickly become a mess...

Peter

Community Browser