4 Replies Latest reply: Aug 16, 2013 8:31 AM by John Brazier RSS

    QlikView Privileges

      Dear All,


      Running the QlikView server without the publisher, and I'm trying to control access to specific models by group prmissions. The server manual states:

      "This is based on the operating system privileges and Windows NTFS is used for the ACL. The privileges of the authenticated user are configured by a server administrator using standard Windows Explorer functionality via directory properties options."


      The thing is, what are the minimum privileges needed for a user to be able to use the model? Does this minimum change if the user is allowed to create bookmarks or other objects?


      I don't seem to be able to find this documented anywhere!





        • Re: QlikView Privileges
          Brent Nichol

          What do you mean by model?  Are you trying to restrict access to the document or to data within the document?


          If you have separate documents for each model, then you should apply file permissions on each document for only the user groups that make sense.


          If you are trying to control access to model data within a single application, then you need to apply Section Access on your load script.




            • Re: QlikView Privileges

              Dear B,


              Thanks for the reply.


              Let's put it this way:


              I have built a model (= document) for Marketing. Just the whole document.


              As if by magic, the Windows AD system has a group called Marketing.


              So I create a folder within the QlikView document space, called Marketing, and place the model in it (let us say it's called Accounts.qvw).


              I go to the Marketing folder, and it has all sorts of permissions/privileges on it. I clear all the ones except the admins/SYSTEM that are required.


              I now add the Marketing group. What are the minimum set of privileges/permissions I need to give for a QlikView model to work for Marketing? Is ir Read? Is it Read and Write? Is it Modify and ... etc?


              I'm trying to work to a minimum privilege model for security: people should have no more access then they need. Now for all I know, they only need read privilege, and then QlikView will use escalation/impersonation to allow them to write bookmarks (for example). The problem is that the manuals say "use Windows AD to control access" - but what access?


              That's the point - I can't find it documented anywhere where Windows security interleaves with QlikViews' security.




              John B