Not applicable

user access using windows domain groups

Hi All,

Can QlikView read the Windows Active Directory to see which user groups a Domain ID belongs to?

Many thanks,

Phil

1 Solution

Accepted Solutions
Miguel_Angel_Baeyens

Hi Phil,

Yes, that is possible, using section access and NTNAME, and a correspondence field, for each user, not in the section access, that you will use later on in the set analysis. Something like

SECTION ACCESS;
LOAD * INLINE [
ACCESS, NTNAME
ADMIN, DOMAIN\ADMINISTRATOR
USER, DOMAIN\CEO
USER, DOMAIN\TEAMMGR
USER, DOMAIN\ME
];

SECTION APPLICATION;

Membership:
LOAD * INLINE [
NTNAME, Group
DOMAIN\CEO, ALL
DOMAIN\TEAMMGR, TEAM
DOMAIN\ME, OWN
];

// This variable stores the group I belong to (one to one relationship) to be used in the set analysis
LET vMyGroup = Lookup('Group', 'NTNAME', OSUser(), 'Membership');

So the expressions would be, for example

Sum({< Group = {'$(vMyGroup)'} >} Value)

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica


13 Replies
Not applicable
Author

Qlik reads this automatically when the user opens the document.

In the section access table that info must be in the NTNAME field.

C u,

Stefano

Not applicable
Author

Hi,

It can, but I don't think it works well if people are viewing through access point.  How are your files being deployed?  In my last company we used the IE plugin and had files loaded onto our intranet ... that worked well, but you need to keep everyone's version of the plugin up to date.

We didn't use the access point route so I'm not sure if it's possible to get it to work the same way there.

Cheers,

Emma

Not applicable
Author

Thanks Stefano

Not applicable
Author

Hi Emma,

Unfortunately we're using Access Point.

When you published this on your Intranet was it just a normal webserver running IIS?

Also publishing that way were you able to read the user groups in Qlik to say show/hide tabs depending on which groups a domain ID belonged to?

Many thanks,

Phil

Not applicable
Author

If you want to show only some qvw to only some users, you can create a Windows group and in the file properties of that qvw give access to that group.

So the access point page has the qvw files filtered by the user access...

I hope this helps.

Stefano

Not applicable
Author

Thanks Stefano, that would work, though the Qlik app is quite large and our network admin will not allow us to have the app on the server a few times so we can control access by user group... this is a tricky one

Miguel_Angel_Baeyens

Hi Phil,

QlikView actually can read data from Active Directory, and you can build a section access according to the Users under some groups or so. Note that there are two steps: authentication (who can see the document) and authorization (what this user can see once he has logged onto the document).

Authentication is done by Active Directory using the credentials of the current session. Since QlikView doesn't check anything here, if the user belongs to a group that has NTFS permissions to see the root or mounted folders, the user will see the documents. If the user belongs to a group that does not have permissions on that folder, the document will not be accessible to that user.

Authorization is usually done by section access. There are a lot of threads covering this issue, but you can start with this, this and this threads.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Not applicable
Author

Many thanks Miguel,

I'll have a look through the links.

Kind Regards,

Phil

Not applicable
Author

Hi Miguel,

I had a look through, though I really don't want to use data reduction to limit what users can see.

As all users are able to see a summary of all the data but only a selection of users can view all the underlying detail.

Then some other users are restricted to only data for their own team and the rest only their own data.

What I was hoping to be able to do was for a Domain ID to be allocated a role of e.g. ALL, TEAM, OWN then based on that role have something in the set analysis that shows the detail restrict the data based on that role.

Is that possible?

Many thanks,

Phil
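
One way to meet the requirement in the last post with section access, as an added example that is not part of the original thread: NTNAME rows name AD groups, a reduction field limits the detail rows, and an unlinked summary table stays visible to everyone. Data reduction removes rows from the document the user opens, whereas a set-analysis filter only limits what one expression displays. All group names, the reload account, the SCOPE field, employee ids and values are constructed placeholders.

```qlikview
// Added example with constructed data; names below are placeholders.
SECTION ACCESS;
// NTNAME may hold an AD user or an AD group. SCOPE is the reduction field:
// its name and values are upper case here and in the application section.
// '*' grants every SCOPE value listed in this table, not values absent from it.
LOAD * INLINE [
ACCESS,NTNAME,SCOPE
ADMIN,DOMAIN\QV_ADMINS,*
ADMIN,DOMAIN\QV_RELOAD_SVC,*
USER,DOMAIN\QV_DETAIL_ALL,*
USER,DOMAIN\QV_TEAM_NORTH,NORTH
USER,DOMAIN\QV_TEAM_SOUTH,SOUTH
USER,DOMAIN\ME,E103
];
// QV_RELOAD_SVC stands for the account that reloads the document; keep it
// listed so reloads are not locked out.

SECTION APPLICATION;

// Bridge from SCOPE to the detail key: a team scope maps to its members,
// a personal scope (OWN) maps to a single employee.
ScopeLink:
LOAD * INLINE [
SCOPE,EmployeeID
NORTH,E101
NORTH,E102
SOUTH,E103
SOUTH,E104
E103,E103
];

Detail:
LOAD * INLINE [
EmployeeID,Team,Value
E101,North,120
E102,North,80
E103,South,200
E104,South,50
];

// Summary shares no field with Detail, so it is a data island and survives
// the reduction: Sum(SummaryValue) is the same for every user, while
// Sum(Value) only covers the rows left for that user's SCOPE.
Summary:
LOAD Team AS SummaryTeam, Sum(Value) AS SummaryValue
RESIDENT Detail GROUP BY Team;
```

For the reduction to apply, enable "Initial Data Reduction Based on Section Access" and "Strict Exclusion" under Document Properties, Opening.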