Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
sanchayan
Contributor

Use of DMS Authorization

Hi,

So what I know about DMS Authorization is that :

  • Authorization to qvws is maintained in QVs internal repository i.e. in the .meta file and to give users access to documents we have to either distribute it to the users in Publisher task distribution or add the user to the Authorization Tab in User Documents.


  • Used when we need to give access to Non-Windows users, like in case of HTTP Header Authentication or Web Ticket/ Custom Ticket Exchange Authentication.

So now my question comes :

1. If we use NTFS Authorization as well, can we not give access to Non-Windows users?

In our company, we are using NTFS Authorization even in case of HTTP headers and it should work fine as I am not finding any difference between NTFS and DMS Authorization except the case that in one ACL information is stored as a Windows NT Priviledge and in the other in .meta files.

2. So why should we use DMS for users who are accessing documents from different domains i.e. for Non - Windows users ?

3 Replies

Re: Use of DMS Authorization

Simple.

With NTFS authorization, rights/permissions are assigned to AD-defined users. But external (i.e. "Non-Windows") users do not exist in AD. That's why you need a trick like DMS for which you first create your own set of user definitions (for example, a user directory of type "CUSTOM") and then link them to the proper non-Windows permissions in DMS.

Best,

Peter

sanchayan
Contributor

Re: Use of DMS Authorization

Hi Peter,

1. So you are telling that only when we are using AD as our DSP then only we can use NTFS Authorization right?

2. But for both NTFS and DMS we can look up on any of the directories whether it be CUSTOM or ODBC or AD, to search for the users and distribute the application right?

3. Even in our environment, NTFS authorization is used for QVS and there are 2 external web servers where authentication is through Headers. But I read that when using headers we must use DMS Authorization, is that correct information?

Regards,

Sanchayan

Re: Use of DMS Authorization

  1. No, that is not correct. NTFS authorization can be used with Local Directory and Windows NT DSPs as well.

  2. If you enable DMS, you move away from explicit NTFS permission management. DMS will take over (but will still manage some NTFS permissions to get the job done)

  3. I'm not sure. I don't think that the use of Headers forces you to drop NTFS authorization, as Headers only mean to identify users. AFAIK their definition can still be done in AD...

Best,

Peter

Community Browser