Security Mechanism

in

Scenario at
There are two types of user for Accessing Application.
1) Internal User (Same Location/Domain)

2) External User (Different Locations/Domains)

External User/ Dealer need to see their own data
based on their Roles defined to them.
Architecture
Qv Server
Qv Web Server
External User
XML data Created by QV Server : contains
userid and password
Data Source
Internal User
Windows Authentication
yes
Note : We need to create two Web Server. One for Internal User and Other for External user
Section Access Architecture (Internal User)

Qlikview Server Contains Web Server which
allows the Application (qvw) to be access
over the Web.

Through first Web server the user will be
accessing the application through below link
(Default link to access qlikview)
http://ipaddress/Qlikview/index.html.

The user will be authenticated based on
Active Directory (Windows Authentication).

User Name need to be added in Application
file for user to view the application.
(Application Level Security (Section
Access) )



Web Server
Internal User
Windows
Authentication
QlikView
Server

Windows Authentication



How it Works ?

Qlikview Authenticates User credential with the windows
and they will be able to see the application based on the
Access provided to them on Qlikview Server

They can be also restricted based on Cals
eg: User might be able to view all the application, since
he a document cal attach to his name. He might be able
to open only assigned Cal application.

What is Section Access ?
It reduces the application
data based on User
Profile.


Access can be denied at
sheet level for a user


Access can be denied at
Object level for a user







MB India
Dealer
Qvw
File
Sheet
1
Sheet
2
Pivot
Table 1

Pivot
Table 2

Section Access with Windows Authentication



Section Access;
noconcatenate
LOAD
ACCESS,NTNAME,[DEAL
ER ID]
resident UserData;
Section
Application;
ACCESS NTNAME DEALER ID
USER APAC\MUSSU
ALL
Order No
Order Date
Customer
DEALER ID
Where DEALER ID = ALL
Order table
IE
IE
MUSSU
JITENAN
No User
Access
Denied
Active
Directory
Architecture (External User)
Second Web server will be added in Qlikview
Server

This web server will be located in different machine
( like Test Server)

In the server setting of Second web server
we will be adding the path of login page
and this link will be provided to user for
authentication
http://ipaddress/Qlikview/login.html.

The user will be created in Qlikview Server and the
same is stored in form of XML file in the server
machine. The login page will use the XML file for
authentication

User Name created in server needs to be added in
Application file for user to view the application.
(Application Level Security)



QV Web Server 2
External User
QlikView
Server

How to Create A Web Server
Click on the Green Add button
to add the new Web Server
Enter IP address of the second web
server to the text box
http://IPADDRESS :4750/qvws.asmx
Go to Access Point.
Change the Authentication to Login.
Enter http://Original IP Address/qlikview/login.htm.
Press Apply.
Note : Authorization will be DMS
Creating Custom User
Select Directory Service Connectors
from System Tab
Expand the DSC server by
clicking on the plus sign.
Creating Custom User
Select Custom Directory and create
a directory Service and clicking
on the add button.
Users are created inside Users tab.

Enter the User Name and Password
in their respective textbox.

Press Add and then press Apply.
XML File
User Created in Custom Directory
are stored in a Xml file

The user Password are stored in xml
in a encrypted format.





External User
When users enter the ID and Password , it gets authenticated using the
XML information.
Authorization
Go to Documents Select the Application Go to Authorization Tab Click on the Green(+) button to add users.


Note : User added will be able to see the application. Anonymous will make it visible to all users.
Section Access on External User How it works ?
Note : User Role and Role Master are Excel Files
S_User
USERID
POSITIONID
S_Postn
POSITIONID
DIVISIONID
Account Master
DIVISIONID
DIVISION
DEALER
USER
USERID
POSITIONID
DIVISIONID
DIVISION
EDealer
User Role
USERID
Role
Excel
Rolemaster
Role
Divison
Dealer
Qvd
Link Users to their Division through Position
(The information is retrieved from EDealer)

The Users are link to the Roles Assign to
them.

Based on this Roles the Data are restricted
in the Fact tables (eg: Order Table)



Reducing Data based on user Profile How it works ?
JITENAN
(UserID)
Sale
App.qvw
Identifying
User
ACCESS NTNAME DEALER ID
USER APAC\MUSSU
T& T
User Identified = T&T
Invoice Table
Invoice No
Invoice Date
Division
Dealer
Where Dealer = T & T
Summary
There are two Web server. One for Internal User and Second one for External Users

Internal User are authenticated based on NT information. External User are
Authenticated based on the Login and Xml Data.

External User are created on Qlikview Sever, their information are stored in a
Xml format

Based on the user Roles data gets filtered in the Fact and Master Tables.

Authorization at File level (visibility of Files) can be done at user as well as can
be as anonymous



Important Points
Section Access is independent of Qlikview Server

Section Access can Work on Local Machine.

Section Access needs User Name or NT Name for Identification.

Section Access restricts the data in File.

Section Applied written on a Qlikview File will imply only to that file.

Section Access restricts data at three Levels Data, Object and Sheet.
but cannot restrict the User from viewing it in the Access point.
This part is done at Qlikview Server.





Thank You