QlikView Directory Service, Active Directory, DMS - prevent "all users" to get access to files / list files
We have a QlikView Setup with many QlikView files and strict security requirements. Usually a user has access to one or more files but nothing else. A user should not even be allowed to see other file names (as our file names already give some information about the content).
As we also add new files and add security settings for this files on a regular basis we want to reduce the possibility to do a wrong setup. Especially we are afraid that somebody might add access for "All Users" or "All Authentificated Users" to a document by accident.
Our Current Setup:
QlikView Files - WITHOUT Section Access
"DMS authorization" on QlikView Server
Directory Service Connector: Active Directory
Access to a file is given by changing the Authorization of a file on QlikView Management Console
I wonder if Section Acces can help here adding additional security?
When I understood everything correct we could
add section access to our files and restrict the files to certain AD User(s)
Ensure we use document property "Filter AccesPoint Document List Based on Section Access"
use AD users or groups without password (using field NTUSERS only)
use a database table as input for the list of users allowed users for section access (which would then allow me to add restrictions on a database level)
Is it correct that the effect would then be that
a user will only see documents in his list were he/she has Section Access PLUS Access on a Document level.
so even setting "All Users" in Management Console by accident would not show this file (name) to other users
our end users will not be asked again to enter their password when opening the QV file on AccesPoint
Did I oversee other possibilities to do further restrict the access? If yes, would be great if you could give me some hints.