Section Access for Specific Users Only - Qlik Community

alopez

I am trying to do section access for only a specific user but all other users with access to the app I would like to grant full access. Is there a simple way of doing this without managing users in two places?

henrikalmen

One way of doing this could be to first create the rights for the specific user (ACCESS=USER), and to that access table you add all other users (load them from some kind of directory that you have) with ACCESS=ADMIN.

alopez

Is there a way to get all the users that have access to an app?

henrikalmen

If you by "have access to an app" mean users that have access to apps in the stream where this app resides, I'd say you actually don't need to find that out. You could simply load ALL users in your section access, but only those that actually has access to the app (through your other security rules) will be able to access it,

But I'm kind of confused by your initial question. What do you actually want to do with section access for the specific user? Are you going to use OMIT for some fields for this particular user, or what is it that you want to achieve?

alopez

I have 3 users in total.

1. Bob

2. Jorge

3. Fred

I wanted Jorge and Bob to have access to all data. I want Fred to be limited to company #3. Any future users that I add to the app, I would like default for them to have full access.

henrikalmen

Let's say you have five different COMPANY_ID, and Fred should only see data related to the company with ID 3.

First make sure that one specific user has expolicit access to all the companies. Then you can add further users that should be able to access all companies using an asterisk in the section access. Something like this:

Section Access;

LOAD * INLINE [
ACCESS, USERID, COMPANY_ID
ADMIN, INTERNAL\SA_SCHEDULER, 1
ADMIN, INTERNAL\SA_SCHEDULER, 2
ADMIN, INTERNAL\SA_SCHEDULER, 3
ADMIN, INTERNAL\SA_SCHEDULER, 4
ADMIN, INTERNAL\SA_SCHEDULER, 5
USER, FRED, 3
USER, BOB, *
USER, JORGE, *
];

Section Application;

alopez

That solution would require adding new users as they are added to the app. I tried astrick at the end but that would grant all users access to everything overwriting the top part. Sadly I reverted to using an excel document to just manage security in both spaces. It would be nice if they added a feature to section access to either pull all users that have access to the app or allow to apply section access to only specific users.

Or

That would depend entirely on how a user is added to an app. Is it directly via hardcoded Section Access? Is it being loaded from an Excel file? Perhaps from Active Directory groups, or from a database table?

Generally speaking, you can use:

Users:

Load * INLINE [

USERID, COMPANYID

Name1, 1

Name2, 2

];

JOIN

Load USERID, '*' as COMPANYID INLINE

[

Name3

Name4

Name5

];

And then use that for Section Access.

alopez

We provide view access to the specific users that need access on Qlik Sense SAAS. We would then now separately also manage the section access otherwise when the login they'll get access denied.

henrikalmen

I still don't quite understand how you assign access to the app for your users. Is it using custom properties? If so, you could probably pull that list from a qlik API and use it when creating the section access table.

Or does Qlik Sense SaaS have some kind of standard management in QMC where you can grant access to a specific app for a specific user? (I'm using the on-prem version of Qlik Sense, the clloud solution could have such features that I'm not aware of.)