Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
gireesh1216
Creator II
Creator II
‎2017-07-20 01:19 AM

Using Section Access With LDAP

Hi Friends,

In my qlikview application, I have 3 sheets (Home,sheet1, sheet2).

And have text 3 objects with action to navigate between the sheets.

Access requirement is as follows:

Home - all LDAP_GROUP1 and LDAP_GROUP2

sheet1 - only LDAP_GROUP1

sheet2 - only LDAP_GROUP2

LDAP_GROUP1- usersLDAP_GROUP2-users
12161216
12171220
12191221

How can we write section access code to get this restrictions for LDAP groups.

Thanks

Gireesh

907 Views
0 Likes
6 Replies
Anil_Babu_Samineni
MVP
MVP
‎2017-07-20 01:53 AM

May be

Sheet Level Security.qvw

Sheet level access

Best Anil, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful
593 Views
0 Likes
gireesh1216
Creator II
Creator II
‎2017-07-20 02:16 AM
Author

In response to Anil_Babu_Samineni

Thanks For Ur Reply

But My question is "restrictions for LDAP groups"

LDAP groups already created and available in QMC Distibution service.

we want security based on LDAP groups.

593 Views
0 Likes
Anil_Babu_Samineni
MVP
MVP
‎2017-07-20 02:36 AM

In response to gireesh1216

I am not much expertise in Server AON. may be marcus_sommerpcammaert

Best Anil, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful
593 Views
0 Likes
marcus_sommer
MVP
MVP
‎2017-07-20 02:47 AM

I think it should work if you just specify the groups by NTNAME, like:

section access;

Access:

load * inline [

ACCESS, NTNAME

ADMIN, ADMINUSER

USER, LDAP_GROUP1

...

- Marcus

593 Views
0 Likes
gireesh1216
Creator II
Creator II
‎2017-07-20 05:52 AM
Author

In response to marcus_sommer

Thanks Marcus Sommer,

The above script working fine in my local system.

But not working in access point if "strict exclusion" is checked in document. Getting following error while opening dashbaord.

Error: Failed to open document. You don't have access to this documnet.

If "strict exclusion" is unchecked, the restictions are not applied in the dashboard and showing all data.

-Gireesh

593 Views
0 Likes
marcus_sommer
MVP
MVP
‎2017-07-20 06:21 AM

In response to gireesh1216

This meant that something isn't correct with your section access implementation and in the end strict exclusion is mandatory because otherwise it's just a kind of usability and not really secure.

I have never implemented section access on sheet/object-level else only to data. Therefore I suggest that you used some small dummy-application and building and extending the section access step by step whereby I would leave out at first the object-level and just restrict some data.

Quite important is to check how the user is authenticated - just osuser() within a textbox will do it - and to give attention to such things like not to load the section access optimized from a qvd and to put all the values in upper() and similar. Here you will find various links to quite useful resources: Section Access.

- Marcus

593 Views
0 Likes