Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Our deployment uses a combination of ntfs and section access for security. all except one app has section access in the script.
For a new app (MDR.qvw) I've deployed i stipulate define 'mdr-user' ad group as having user access in section access. User A and B are both members of the 'mdr-user' ad group.
On QMC I've limited the doc cal to one but with dynamic cal assignment.
So user A opens MDR.qvw in chrome and I see in QMC that he has consumed a doc cal.
Couple of days later I ask user B to open MDR.qvw from AccessPoint using chrome. I was hoping to see User B has now consumed that doc cal. instead I see he has leased a user cal (user B was not previously in the list of Assigned CALs on QMC>>System>>Licenses>>Client Access Licenses(CALs)>>Assigned CALs) but once he opened MDR.qvw suddenly his account appeared.)
Upon further investigation I see that a couple months ago he used another application - AssetsAndLiabilities.qvw. I review this app and see that there is no section access in the script.
Thanks
Ross
Hi Ross,
As an FYI I have forward this to CS Australia to reach out with you. I would recommend we look at this from a health check perspective.
Personally I believe using DMS and having publisher maintain permissions is preferable to NTFS. This provides a single place for an audit trial. Also I thought that is what we setup a few years ago.
My thoughts on your points.
1. Access point permissions has changed a little bit, however I am fairly certain that the ability to view a document is controlled by either the NTFS or DMS permissions. In your case it is the NTFS permissions. Section Access should limit who can open the document.
2. Security should not be on the Source Documents version of the application. It should be the permissions on the User Documents version. Again assuming that the environment is as it was a number of years ago. However I would recommend using publisher to specify the permission with the DMS permissions. This will allow you to verify authorisation via just the QMC rather than the QMC, NTFS and also the Access Control List.
3. I am not sure on this. However I believe the highest available license is assigned with Dynamic Assignment on.
4. Refer to point 1. Note that hte concept of ADMIN or USER is not applicable for Access Point. This is only applied to the Desktop Client.
If you have any questions then please contact me directly.
Damian
Hi Damien,
I believe there is an (optional, off by default) option on QMC to hide a document in AP when section access restricts access to this document to the user (to avoid showing the document, but then denying access).
Best,
Stefan
Hi Damian.
wow, quick response - on the ball hey?
Send me your email address if you'd like me to respond directly.
thanks,
Ross.