Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2015-03-04 07:45 AM

SAP Connector Authorization QTQVCADMIN

We are testing out the authorizations, and we wanted to test out if we wanted to limit table and field access to users.  

We have user QLIKVIEW_TES, which we assigned QTQVCACCESS, this user works fine we are able to connect using this user and pull table data.   We copied this role to test out the table access to see if we can limit what tables the user can pull and this works fine.   So know trying to use the QTQVCADMIN, we added this role to a user and accessed transaction /n/QTQVC/USERCONTROL,

The tables that we were pulling were VB* tables in QTQVCACCESS, so I then wanted to test to limit what Sales Organization was being seen.    VKORG,    I the transaction I had

Table VBAK,  Field name VKORG, Domain VKORG and the value.    I then tried to reload data, but I got all sales orgs.    I think added the User information on the right side I added QLIKVIEW_TES, VKORG, VALUE.    Tried to reload but still got all sales orgs.    If we are going to have a few users that will download the SAP Data into the QVD's does the authorization go to the download users.    I understand that the field restriction has to be maintained so that when the download user connect and pull, it has to check this access correct, even though QTQVCADMIN is not a role that is assigned to the user. 

Thank you in advance for any information you can supply

Diane Papia

diane.papia@analog.com

1,107 Views
0 Likes
1 Reply
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2015-03-05 08:09 AM

Usually, data filtering is not done at the SAP Connector level since that would mean moving away from a single connection-single account-cost-effective connection, to a different SAP User for every other connection.:

You could use an additional WHERE clause in the VB* SELECT statements, but even that technique may pose problems sooner or later. Moreover, separating and reducing data this low in the stack almost always results in multiple overlapping QlikView documents which must be managed and maintained (how do you handle users that should be able to see everything?).

The most common QlikView technique is to load everything from the source systems, process everything through all intermediate Data Transformation steps, and let the top-level UI document decide on what a particular user can and cannot see. Section Access in combination with Data Reduction is a simple and efficient tool for this kind of data authorization.

If you have a Publisher license, the QlikView Publisher can be used to create different top-level documents for different users, each one containing no more data than the end-user is allowed to see/use.

Peter

436 Views
0 Likes