Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
surendra_masupa
Contributor III
Contributor III
‎2018-01-22 06:30 AM

Section Access with access denial list

Hi All,

I've a small scenario where in I need all the users to access the application except few.

The problem is I don't have the list of users who need to view (and access) the application on the Access Point. However I've some users who I don't want them to view the application. FYI.. I've enabled "Filter documents based on Section Access list" property.

I can simply put * to allow everyone to View and access the app, however I'm not sure how to restrict only few set of users.

Any help is highly appreciated.

Thanks,

Surendra

417 Views
0 Likes
4 Replies
karthikoffi27se
Creator III
Creator III
‎2018-01-22 06:35 AM

Hi Surendra,

Please refer the below thread which explains basic of Section access.

https://community.qlik.com/docs/DOC-1853

Many Thanks

Karthik

320 Views
0 Likes
marcus_sommer
MVP
MVP
‎2018-01-22 06:57 AM

AFAIK it's not possible because the feature of section access granted all listed users their access and who is not listed will get no access. But you could read (and add to the section access) the users and usergroups with something like Reading GroupMembers from active directory with QlikView‌ and than removing those from this listing and/or maybe creating some new specialized usergroups for this purpose.

- Marcus

320 Views
0 Likes
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2018-01-22 07:34 AM

(Off the top of my head) maybe you can try to use Data Reduction where everything is linked to a Setion Access record that says NTNAME = *.

If you now put the users-to-be-denied-access before this record and with their full NTNAME value (and no valid link value), you could convert Section Acces from a Permissions list into a Denials list. Data Reduction with Strict Exclusion enabled will throw out everyone that is explicitly listed in SA.

320 Views
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2018-01-22 07:51 AM

In response to Peter_Cammaert

I did a quick test with USERID & PASSWORD. This code does what I explained:

Section Access;


LOAD * INLINE [

ACCESS, USERID, PASSWORD, ACCESSFLAG

USER, ABC, ABC, 0

USER, DEF, DEF, 0

ADMIN, PETER, PETER, 1

USER, *, GHI, 1

];


Section Application;


Facts:

LOAD 1 AS ACCESSFLAG,

     Today() AS Date

AUTOGENERATE 1;

Access is denied to ABC and DEF, but not to PETER or "GHI" (or anyone else using that password). I had to use a password for the wildcard entry because otherwise QlikView doesn't even present USERID/PASSWORD dialogs. You shouldn't have that problem if you only use ACCESS, NTNAME and a LINKFIELD. However, I haven't tested it with AD security.

320 Views
0 Likes