Skip to main content Skip to complementary content

Protection of the Platform

Functionality

The functionality for downloading documents and/or print and export to Microsoft Excel can be restricted at the user level for each document on the server.

Special Accounts

Supervision Account

The supervision account is granted access to all documents that are created by tasks in QlikView Publisher. The characteristics of the supervision account are as follows:

  • Provides access to all files on the QVS
  • Does not provide any access to the QlikView Management Console (QMC)
  • Respects the types of clients that are allowed for each document (for example, a supervision account cannot open a QlikView document using the AJAX client, if the AJAX client has been blocked by the user that created the task)

Anonymous User Account

When QVS is started for the first time on a machine, a Windows account is created for anonymous users. The account name is IQVS_name, where name is the name of the machine in the local network.

If the machine in question is a domain server, the anonymous account is created as a domain account. If not, it is created as a local machine account.

Each folder and file that is to be available for anonymous clients must be given read privileges for the anonymous account.

Information note Start QVS and let it create the anonymous account before attempting to grant any privileges. Do not try to create the anonymous account manually.

QlikView Administrators

The QlikView Administrators group is used for granting access to the QlikView Management Console (QMC) as well as authorization of communication between services, if Windows Authentication is used.

Communication

Protection of AJAX Client

The AJAX client uses HTTP or HTTPS as the protocol for communication between the client browser and the QlikView Web Server (QVWS) or Microsoft IIS. It is strongly recommended to protect the communication between the browser and the web server using SSL/TSL encryption over the HTTP protocol (that is, HTTPS). If the communication is not encrypted, it is sent as clear text.

The communication between the web server and QVS uses QVP as described below.

Protection of Plugin

The QlikView plugin can communicate with QVS in two ways:

  • If the plugin has the ability to communicate with QVS using QVP (port 4747), the security is applied as follows:
  • Server Communication

  • If the communication cannot use QVP or if the client chooses it in the plugin, the communication is tunneled using HTTP to the web server.

If HTTPS is enabled on the web server, the tunnel is encrypted using SSL/TLS.

Server Communication

The QVS communication uses the QVP protocol, which is encrypted by default. The QVP protocol can be protected using 1024-bit RSA for key exchange and 256-bit AES GCM for data encryption, provided the Microsoft Enhanced Cryptographic Provider is installed. If the Microsoft Base Cryptographic Provider is used, the protection of the communication is 512-bit RSA for key exchange and 128-bit AES CBC for data encryption.

Services Communication

The services that are part of the QlikView platform (that is, QVS, DSC, QMC, QDS, and QVWS) all communicate using web services. The web services authenticate using Integrated Windows Authentication (IWA).

SSL and TLS support

The following table shows QlikView support for SSL and TLS.

SSL vs TLS support
- SSL v3.0 TLS v1.3 TLS v1.2 TLS v1.1 TLS v1.0
QlikView May 2023 - -
QlikView May 2022 -

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Join the Analytics Modernization Program

Remove banner from view

Modernize without compromising your valuable QlikView apps with the Analytics Modernization Program. Click here for more information or reach out: ampquestions@qlik.com