5 Replies Latest reply: May 25, 2012 9:20 AM by Miguel Angel Baeyens de Arce RSS

    Only Section Access for security

      Hello everybody,

       

      There is a little over a month, we adopt security risk to the panels using only section access, previously worked for the "Active Directory" and the "Section Access." When we wanted a user had access was only release the user to the folder it was in the application and enter the "login" network on the worksheet´s access. When the user needs access, we insert your network login to the worksheet´s access. For the user who already had access worked perfectly, but for new users, this is not working. Someone tell me if you need some configuration in QEMC or "All authenticated users" does not work?

      Thank you!

        • Only Section Access for security
          Miguel Angel Baeyens de Arce

          Hi Tiago and welcome to the QlikCommunity!

           

          Assuming you are using NTNAME as the key field in Section Access, and that nothing has changed from when it worked and now, are you using Publisher? If so, how are your tasks configured? You actually might need to change distribution to All Authenticated Users instead of manually add each new user you add to the NTFS permissions.

           

          If you are not using Publisher, what is the difference between users that don't work and users than do?

           

          Hope that helps.

           

          Miguel

            • Only Section Access for security

              Hi Miguel, thanks for help,

               

              Yes, i´m using NTNAME for Key on section access and my server have a Publisher, when I set the tasks,  choose the folder that will be ditributed and choose for a Users or Group "AllAutheticated", but I did not understand if I have to put in the publisher for any users that is in my access worksheet or I have to insert All Authenticated" even.

               

              Thank you!

               

              Tiago Juncioni

                • Only Section Access for security
                  Miguel Angel Baeyens de Arce

                  Hi Tiago,

                   

                  AllAuthenticated means all users with permissions to see the AccessPoint, therefore saving you to hardcode each one of the users in the security directory allowed to see it.

                   

                  But even when AllAuthenticated is set, it respects Section Access, if a user that is already in the AD -but is not in the Section Access- gets to the AccessPoint, and all the documents have checked "Filter AccessPoint Document List Based on Section Access" in the Settings menu, Document Properties, Server tab, this user will only see those documents where he is granted in Section Access.

                   

                  That's the Server part. On the Client part, you need, of course, to add any new user to the Section Access table, and if it is pulled from an Excel file, you need to add all new users to this Excel file, and reload: Section Access changes are like any other script change: they only take place after reloading.

                   

                  Hope that makes sense and helps.

                   

                  Miguel

                    • Only Section Access for security

                      Hi Miguel,

                       

                      Ok, i´m doing everything that you say, but now I have a new problem, yesterday I reloaded five panels

                      which are distributed with "All Authenticated" and all failed, the same error is:

                       

                      "Error Failed to generate QVW files.. Exception=System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\QlikTech\DistributionService\1\temp\fc692ea2-eb5a-4cea-be72-ac69ffc2d3ad\document.qvw'.

                      File name: 'C:\ProgramData\QlikTech\DistributionService\1\temp\fc692ea2-eb5a-4cea-be72-ac69ffc2d3ad\document.qvw'"

                       

                      As we needed that loads will not fail in the morning, we set in Distribute to folder one group which have the server´s administrators and it worked, but now no one sees the panels on Access Point.

                       

                      You know what can be?

                       

                      Thanks for help.

                        • Only Section Access for security
                          Miguel Angel Baeyens de Arce

                          Hi Tiago,

                           

                          It seems you are using the same folder for Source and User documents. Without Publisher, this folder is actually the same (you can only schedule reloads, but you cannot distribute). With Publisher, the distribution overwrites the source, so if you are reloading the same document in the same place, you might be overwriting the old document. Note that published documents do not have script.

                           

                          Check the QMC and make sure that folders are different for each service (QVS and QDS)

                           

                          Hope that helps.

                           

                          Miguel