pacoli2013
Creator

Control Access

Hello,

I could use some help. I’m testing access control. For that I have built a QlikView document named Allowance; it has 5 sheets: Start, Information, Dashboard, Dimensions and Controle. I have a QVD named AccessAllowance. I get this QVD from our DWH manager.

The rules for the Access are:

  1. There is a qadmin (user = qadmin, password is qadmin).
  2. Identification should be UserName and Password from DomainName or AccessPoint if possible.
  3. When that is not possible, UserName and Password from the QVD file Allowance.qvd should permit allowance.
  4. If field InActive = 0, no access is granted; access is permitted when InActive = -1.
  5. If date(Now()) is not between DIMENSIONVALUEVAILEDFROM and DIMENSIONVALUEVAILEDTO, no allowance is permitted.
  6. After allowance is permitted, ALLDIMENSIONVALUESALLOWED should be tested: when ALLDIMENSIONVALUESALLOWED = 0, all markers/flags should be activated; when ALLDIMENSIONVALUESALLOWED = -1, no markers should be activated.
  7. If ALLDIMENSIONVALUESALLOWED = 0, REPORTINGALLOWANCEDEMENSION_PK and DIMENSIONVALUEALLOWED should be tested, because DIMENSIONVALUEALLOWED is/are the value(s) the user is permitted to see of a specific Dimension. It is possible that more than 1 Dimension is permitted and that more than 1 value within the Dimension is permitted.
  8. Also, if ALLDIMENSIONVALUESALLOWED = 0, the user is not allowed to see all the sheets; the Controle sheet is only for users with full access.


At this moment:

  • Qadmin can start the document (point 1).
  • When someone starts the document, his password is asked for. When a wrong password is given (three times), the user gets the message that he has no access (point 03).
  • Setting the Markers using the IF-statements in works as far as I can see (point 06).

I built in points 4 and 5, but I think in the wrong place.

I’m not so happy with the inline Marker-tables, but at the moment I think there is no other solution.

The IF-statements where REPORTINGALLOWANCEDEMENSION_PK is tested don’t work at all; that’s why I commented them out.

I hope someone can help me with my access problems. Perhaps I should ask for a newly designed QVD. The QVD is built with the DWH rules as its basis.

I have added my Document and QVDs.

Thanks and regards

 

4 Replies
marcus_sommer

Section access within Qlik works a bit differently from what you described as wanted. A user is either included within the section access or not, and the user either has valid dimension values within the key fields between the section access and section application parts or not; respectively, the user is or isn't included with dimensions in the OMIT field.

To 1. - 3.: you could use SSO - this means the Windows authentication from the OS goes through to the section access, which only needs to include NTNAME (besides ACCESS and any key fields or an OMIT field) without the need for a PASSWORD.

To 4. - 5.: this can't be included within section access; instead you need to use this information within a where-clause to exclude those users who aren't active or whose time window isn't valid anymore.

To 6. - 7.: this is the classical section access part, which needs to be implemented by the section access key fields.

To 8.: this is mainly an additional usability part and not necessarily a security part. This means that if the data itself is not permitted, it's harmless if they can access those sheets/objects, and if the data is not secured, the access control on sheets/objects won't be absolutely safe.

I suggest taking a look here: Section Access.

- Marcus

pacoli2013
Creator
Author

Hello Marcus,

Thank you for your support.

Your answer brings new questions.

About 1/3: I will talk with the administrator about that (about rules etc.). Qadmin is already active without any problems.

About 4/5: I have never worked with a where-clause; perhaps you can help me with that if it is not too complicated.

About 6/8: I looked at the examples. I think the QVD I use is not correct, because I have 1 column for all Dimensions and one for the Dimension values. I think I need one column for every Dimension and its value. I have 4 dimensions at the moment, so I think I need 4 columns.

The reasons normal users are not allowed to see all sheets:

1 sheet will have a selection box for the markers/flags and some tables; normal users are not allowed to use that selection box.

1 sheet will have some control tables and information for designers and developers.

I don’t know if you looked at my section access? When I compare my section access with the examples I saw, my section looks very different, with all the marker tables and so on.

Perhaps you have a better solution there for me.

Thanks and regards,

Court

marcus_sommer

I agree that your section access looks very different from the kinds which I use or which I have seen anywhere. I don't want to say that your approach couldn't be implemented - I don't understand your markers/flag logic - but I'm sure that there are easier logics if you follow the examples from the link above. This means starting with a simple example from the introduction and then extending it step by step, instead of attempting to implement a role logic 1:1 from another tool.

To 4/5 - I meant the following:

load * from source
where InActive = -1 and    // per rule 4 of the question, -1 means access is permitted
today() >= DIMENSIONVALUEVAILEDFROM and today() <= DIMENSIONVALUEVAILEDTO;

To 6/8 - yes, you will need to transform (maybe with The Generic Load) your dimension field and the corresponding value field into single columns, whereby you need a certain logic or hierarchy between them to create a proper data model (no circular loops or synthetic keys). Further, your access restrictions mustn't exclude each other - one denial and/or missing allowance will prevent the data access - no further authorization will override it again.

- Marcus
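
A small Python model of the reduction discussed in this reply, added here as an example (it is not code from the thread and not Qlik script): it applies the InActive and validity-date filter row by row, then pivots the single dimension/value column pair into one column per dimension, so the expected access result can be checked before the section access script is written. The UserName column, the tuple layout and the sample users, dimensions and values are assumptions constructed for the example.

```python
from datetime import date

OPEN = (date(2013, 1, 1), date(2099, 12, 31))   # constructed validity window
OLD = (date(2012, 1, 1), date(2012, 12, 31))    # constructed, expired window

# Constructed rows: (UserName, InActive, valid from, valid to,
#                    ALLDIMENSIONVALUESALLOWED, dimension, DIMENSIONVALUEALLOWED)
ROWS = [
    ("ANNA", -1, *OPEN, 0, "Region", "North"),
    ("ANNA", -1, *OPEN, 0, "Region", "South"),
    ("ANNA", -1, *OPEN, 0, "Product", "A"),
    ("BERT", -1, *OPEN, -1, None, None),     # full access, no values listed
    ("CARL", 0, *OPEN, 0, "Region", "North"),  # InActive = 0: no access
    ("DORA", -1, *OLD, 0, "Region", "North"),  # validity window has passed
    ("EVE", -1, *OPEN, 0, "Region", "West"),   # nothing listed for Product
]


def reduce_access(rows, today):
    """Return {user: {dimension: allowed values}} for rows that pass the filter.

    '*' stands for every value of the dimension; an empty list means no
    allowance is listed for that dimension.
    """
    dims = sorted({r[5] for r in rows if r[5] is not None})
    access = {}
    for user, in_active, start, end, all_allowed, dim, value in rows:
        # Rules 4 and 5 of the question: the where-clause, applied per row.
        if in_active != -1 or not (start <= today <= end):
            continue
        cols = access.setdefault(user, {d: set() for d in dims})
        if all_allowed == -1:
            # Rule 6: all dimension values allowed, nothing to restrict.
            for d in dims:
                cols[d] = {"*"}
        elif dim is not None and "*" not in cols[dim]:
            # Rule 7: collect the listed values, one column per dimension.
            cols[dim].add(value)
    return {u: {d: sorted(v) for d, v in c.items()} for u, c in access.items()}


if __name__ == "__main__":
    for user, cols in reduce_access(ROWS, date.today()).items():
        print(user, cols)
```

Users filtered out by the where-clause (CARL, DORA) do not appear in the result at all, and EVE's empty Product column is the "missing allowance" case the reply mentions.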

pacoli2013
Creator
Author

Hello Marcus,

Thanks for your answer.

I just printed the document on generic load; I will try to transform my table using the example in that document.

After that I will try to transform my section step by step.

Hope I'll manage that with no problems. I'll keep you informed.

Regards,

Court