Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Launches Open Lakehouse and advanced agentic AI experience in Qlik Answers! | LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ali_hijazi
Partner - Master II
Partner - Master II
yesterday

Secure call to root container LCGV or DCGV

Hello 

I need help figuring out how to accomplish the following:

We have 2 root containers: RC1 and RC2

Is there a way to prevent developers from other than team1 to make DCGV calls to RC1? Or LCGV in case the container we want secure is in the same root container 

I can walk on water when it freezes
92 Views
1 Solution

Accepted Solutions
thomasmaure
Luminary Alumni
Luminary Alumni
11 hours ago

Hello, 

QDF has no security features and relies on NAS access right as well as Qlik data connection access. 

When calling DCGV , you pass the path to the root container via a folder data connection 
call DCGV('lib://QDF_ROOT_1/10.RC1','', 'RC1');

The DCGV statement works only if developers have the right to use the QDF_ROOT_1 folder data connection and read access to the folder. 

However, I think this is valid only is reload is performed by developer. As soon as app reload is scheduled, the reload is executed by the scheduler service which in most cases has full visibility on all NAS and data connections...  
So to make the restriction really effective you need to forbid developers to create tasks and let this activity to trustable persons that would verify the script does not violate your security rules. 
Hope this helps . 

View solution in original post

36 Views
0 Likes
3 Replies
thomasmaure
Luminary Alumni
Luminary Alumni
11 hours ago

Hello, 

QDF has no security features and relies on NAS access right as well as Qlik data connection access. 

When calling DCGV , you pass the path to the root container via a folder data connection 
call DCGV('lib://QDF_ROOT_1/10.RC1','', 'RC1');

The DCGV statement works only if developers have the right to use the QDF_ROOT_1 folder data connection and read access to the folder. 

However, I think this is valid only is reload is performed by developer. As soon as app reload is scheduled, the reload is executed by the scheduler service which in most cases has full visibility on all NAS and data connections...  
So to make the restriction really effective you need to forbid developers to create tasks and let this activity to trustable persons that would verify the script does not violate your security rules. 
Hope this helps . 

37 Views
0 Likes
ali_hijazi
Partner - Master II
Partner - Master II
11 hours ago
Author

In response to thomasmaure

Hello 
thank you for your prompt replies
well yes for reloads performed by developers it's good to forbig them from connecting to a root container

I can walk on water when it freezes
31 Views
0 Likes
thomasmaure
Luminary Alumni
Luminary Alumni
10 hours ago

What I tried to explain is that QDF is just a framework to support the use of containers which are units enabling to structure consistently script code, configuration files and data files in a single place.

It helps for many aspects such as team development, code sharing between apps, versioning or app migration between instances but it does not deals with security and for these aspects you are left with what Qlik proposes.   

12 Views