Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2012-10-24 11:21 AM

Section Access with Active Directory and Single Sign On

Hi,

Background: I'm  working on QV10 SR1.

The users of our QV application access the documents via Access Point through a browser, which is accessed via a URL.

Users are authenticated via Active Directory. Since Single Sign On is enabled, once the users log on to their Windows machine and type the URL for Access point, they see all the documents they have been given access to by adding their "domain\userID" to the document through QEMC.

When I connect to Access Point, it tells me I'm logged on as DOMAIN\user_abc

I need to be able to do the following:

There is a document in which I need to restrict data access for the users based on a column Company Segment.

Currently I'm restricting access to specific sheets/tabs in the document using the following expression in the Show Sheet --> Conditional dialog box

=if((OSUser() = 'domain\user_abc'

OR OSUser() = 'domain\user_xyz'),1,0)

This works perfectly fine.

In the sheets\tabs visible to user_abc I further need to restrict data access. I tried using Section access but I'm not sure how to connect the Active Directory ID to the USERID or NTNAME. I tried using the following variants of the Hidden Section Access Script but they did not work.

//Script 1

Section Access;

LOAD * INLINE [

    ACCESS, NTNAME

    user1, domain\user_abc

    user2, domain\user_xyz ];

Section Application;

LOAD * INLINE [

NTNAME, CompanySegment 

domain\user_abc, Segment1

domain\user_xyz, Segment2   ];

//Script 2 (tried OSUser() in the script based on a similar suggestion by Miguel Angel Baeyens in another thread)

Section Access;
LOAD * INLINE [
    ACCESS, OSuser()
    user1, domain\user_abc   
    user2, domain\user_xyz ];

Section Application;

LOAD * INLINE [
OSUser(), CompanySegment

domain\user_abc, Segment1

domain\user_xyz, Segment2 ];

Neither of the scripts worked. It keeps asking me for USERID and Password repeatedly.

When I connect to Access Point, it tells me I'm logged on as DOMAIN\user_abc.

What am I doing wrong? How can I link the AD ID's to NTNAME.

I do not want to define username and password for each user as we have large number of users.

Any help would be greatly appreciated.

Thanks,

AM

3,003 Views
0 Likes
11 Replies
danielact
Partner - Creator III
Partner - Creator III
‎2012-10-24 04:01 PM

In response to

You have the right idea - just include the SEGMENT piece in the section access part.

Then, when you load the SEGMENT piece again the application part, it will filter it based on the section access.

187 Views
0 Likes
Not applicable
‎2012-10-24 04:12 PM
Author

In response to danielact

Hi Daniel,

I included COMPANYSEGMENT after NTNAME in the Scetion Access piece with Section Application section kept same as above, but it still asks for username.

I believe the problem that may be occurring is what my initial question was. DOMAIN\username is coming from Active Directory while what we are trying to put it as is NTNAME. There may not be a correlation between the two according to QlikView.

DOMAIN\username does not necessarily exist on the local NT.

187 Views
0 Likes