1 / 18

Security Mechanism in

Security Mechanism in. Scenario at. There are two types of user for Accessing Application. Internal User (Same Location/Domain) 2) External User (Different Locations/Domains) External User/ Dealer need to see their own data

laneparker
Download Presentation

Security Mechanism in

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Mechanismin

  2. Scenario at • There are two types of user for Accessing Application. • Internal User (Same Location/Domain) • 2) External User (Different Locations/Domains) • External User/ Dealer need to see their own data • based on their Roles defined to them.

  3. Architecture Windows Authentication Internal User Qv Server yes Data Source External User Qv Web Server XML data Created by QV Server : contains userid and password Note : We need to create two Web Server. One for Internal User and Other for External user

  4. Section Access Architecture (Internal User) • Qlikview Server Contains Web Server which allows the Application (qvw) to be access over the Web. • Through first Web server the user will be accessing the application through below link (Default link to access qlikview) http://ipaddress/Qlikview/index.html. • The user will be authenticated based on Active Directory (Windows Authentication). • User Name need to be added in Application file for user to view the application. (Application Level Security (Section Access) ) QlikView Server Web Server Windows Authentication Internal User

  5. Windows Authentication How it Works ? • Qlikview Authenticates User credential with the windows and they will be able to see the application based on the Access provided to them on Qlikview Server • They can be also restricted based on Cals • eg: User might be able to view all the application, since he a document cal attach to his name. He might be able to open only assigned Cal application.

  6. What is Section Access ? It reduces the application data based on User Profile. Access can be denied at sheet level for a user Access can be denied at Object level for a user Qvw File Dealer MB India Sheet2 Sheet1 Pivot Table 1 Pivot Table 2

  7. Section Access with Windows Authentication Active Directory Section Access; noconcatenate LOADACCESS,NTNAME,[DEALER ID] residentUserData; SectionApplication; No User Order table IE MUSSU IE Where DEALER ID = ALL JITENAN Access Denied

  8. Architecture (External User) • Second Web server will be added in Qlikview Server • This web server will be located in different machine ( like Test Server) • In the server setting of Second web server we will be adding the path of login page and this link will be provided to user for authentication http://ipaddress/Qlikview/login.html. • The user will be created in Qlikview Server and the same is stored in form of XML file in the server machine. The login page will use the XML file for authentication • User Name created in server needs to be added in Application file for user to view the application. (Application Level Security) QlikView Server QV Web Server 2 External User

  9. How to Create A Web Server Click on the Green Add button to add the new Web Server Go to Access Point. Change the Authentication to Login. Enter http://Original IP Address/qlikview/login.htm. Press Apply. Enter IP address of the second web server to the text box http://IPADDRESS :4750/qvws.asmx Note : Authorization will be DMS

  10. Creating Custom User Select Directory Service Connectors from System Tab Expand the DSC server by clicking on the plus sign.

  11. Creating Custom User Select Custom Directory and create a directory Service and clicking on the add button. Users are created inside Users tab. Enter the User Name and Password in their respective textbox. Press Add and then press Apply.

  12. XML File User Created in Custom Directory are stored in a Xml file The user Password are stored in xml in a encrypted format. External User When users enter the ID and Password , it gets authenticated using the XML information.

  13. Authorization Go to Documents  Select the Application  Go to Authorization Tab  Click on the Green(+) button to add users. Note : User added will be able to see the application. Anonymous will make it visible to all users.

  14. Section Access on External User – How it works ? EDealer • Link Users to their Division through Position • (The information is retrieved from EDealer) • The Users are link to the Roles Assign to them. • Based on this Roles the Data are restricted in the Fact tables (eg: Order Table) Qvd Excel Note : User Role and Role Master are Excel Files

  15. Reducing Data based on user Profile – How it works ? User Identified = T&T Identifying User JITENAN (UserID) Where Dealer = T & T Sale App.qvw

  16. Summary • There are two Web server. One for Internal User and Second one for External Users • Internal User are authenticated based on NT information. External User are • Authenticated based on the Login and Xml Data. • External User are created on Qlikview Sever, their information are stored in a • Xml format • Based on the user Roles data gets filtered in the Fact and Master Tables. • Authorization at File level (visibility of Files) can be done at user as well as can • be as anonymous

  17. Important Points • Section Access is independent of Qlikview Server • Section Access can Work on Local Machine. • Section Access needs User Name or NT Name for Identification. • Section Access restricts the data in File. • Section Applied written on a Qlikview File will imply only to that file. • Section Access restricts data at three Levels Data, Object and Sheet. • but cannot restrict the User from viewing it in the Access point. • This part is done at Qlikview Server.

  18. Thank You

More Related