topic Re: Section Access for Specific Users Only in App Development

Section Access for Specific Users Only

alopez — Mon, 13 May 2024 19:41:16 GMT

I am trying to do section access for only a specific user but all other users with access to the app I would like to grant full access. Is there a simple way of doing this without managing users in two places?

Re: Section Access for Specific Users Only

henrikalmen — Mon, 13 May 2024 20:04:54 GMT

One way of doing this could be to first create the rights for the specific user (ACCESS=USER), and to that access table you add all other users (load them from some kind of directory that you have) with ACCESS=ADMIN.

Re: Section Access for Specific Users Only

alopez — Mon, 13 May 2024 20:13:05 GMT

Is there a way to get all the users that have access to an app?

Re: Section Access for Specific Users Only

henrikalmen — Mon, 13 May 2024 20:22:03 GMT

If you by "have access to an app" mean users that have access to apps in the stream where this app resides, I'd say you actually don't need to find that out. You could simply load ALL users in your section access, but only those that actually has access to the app (through your other security rules) will be able to access it,

But I'm kind of confused by your initial question. What do you actually want to do with section access for the specific user? Are you going to use OMIT for some fields for this particular user, or what is it that you want to achieve?

Re: Section Access for Specific Users Only

alopez — Tue, 14 May 2024 17:00:33 GMT

I have 3 users in total.

1. Bob

2. Jorge

3. Fred

I wanted Jorge and Bob to have access to all data. I want Fred to be limited to company #3. Any future users that I add to the app, I would like default for them to have full access.

Re: Section Access for Specific Users Only

henrikalmen — Wed, 15 May 2024 08:19:15 GMT

Let's say you have five different COMPANY_ID, and Fred should only see data related to the company with ID 3.

First make sure that one specific user has expolicit access to all the companies. Then you can add further users that should be able to access all companies using an asterisk in the section access. Something like this:

Section Access; LOAD * INLINE [ ACCESS, USERID, COMPANY_ID ADMIN, INTERNAL\SA_SCHEDULER, 1 ADMIN, INTERNAL\SA_SCHEDULER, 2 ADMIN, INTERNAL\SA_SCHEDULER, 3 ADMIN, INTERNAL\SA_SCHEDULER, 4 ADMIN, INTERNAL\SA_SCHEDULER, 5 USER, FRED, 3 USER, BOB, * USER, JORGE, * ]; Section Application;

Re: Section Access for Specific Users Only

alopez — Wed, 15 May 2024 14:16:48 GMT

That solution would require adding new users as they are added to the app. I tried astrick at the end but that would grant all users access to everything overwriting the top part. Sadly I reverted to using an excel document to just manage security in both spaces. It would be nice if they added a feature to section access to either pull all users that have access to the app or allow to apply section access to only specific users.

Re: Section Access for Specific Users Only

Or — Wed, 15 May 2024 14:35:20 GMT

That would depend entirely on how a user is added to an app. Is it directly via hardcoded Section Access? Is it being loaded from an Excel file? Perhaps from Active Directory groups, or from a database table?

Generally speaking, you can use:

Users:

Load * INLINE [

USERID, COMPANYID

Name1, 1

Name2, 2

];

JOIN

Load USERID, '*' as COMPANYID INLINE

[

Name3

Name4

Name5

];

And then use that for Section Access.

Re: Section Access for Specific Users Only

alopez — Wed, 15 May 2024 14:38:10 GMT

We provide view access to the specific users that need access on Qlik Sense SAAS. We would then now separately also manage the section access otherwise when the login they'll get access denied.

Re: Section Access for Specific Users Only

henrikalmen — Wed, 15 May 2024 14:59:56 GMT

I still don't quite understand how you assign access to the app for your users. Is it using custom properties? If so, you could probably pull that list from a qlik API and use it when creating the section access table.

Or does Qlik Sense SaaS have some kind of standard management in QMC where you can grant access to a specific app for a specific user? (I'm using the on-prem version of Qlik Sense, the clloud solution could have such features that I'm not aware of.)

Re: Section Access for Specific Users Only

marcus_sommer — Wed, 15 May 2024 15:06:56 GMT

I'm not sure if this is really expedient because granting an app-access and applying a vertical/horizontal data-control against the data-set are different things and should it be - as parts of a chain of security measurements. Mixing them will rather increase the complexity and any risks and not leading to less work or an easy workflow.

In many scenarios the use of a section access don't need much management efforts because by using (nested) user-groups instead of single users it's not needed to specify each one explicitly - respectively the work is outsourced to the IT / HR department or whatever management-level should be responsible. Such approach may not need any extra work else the users could inherit the rights from their team/department from the company start and by any moving within the company to their deactivation by ending the job.

Re: Section Access for Specific Users Only

alopez — Wed, 15 May 2024 20:44:48 GMT

That's true, Marcus. I don't have groups enabled, but a good idea to add.