https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1543548#M12527 <P>Hi there TKO</P><P>I&nbsp;ended up going with&nbsp;<STRONG>user.environment.Attribute1.empty()</STRONG>. The thing is that I also need to evaluate the that session attribute for users from my Active Directory .&nbsp;If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.</P><P>Thanks for the reply though!</P><P>Regards,</P><P>Mauritz</P> Wed, 13 Feb 2019 10:58:41 GMT Mauritz_SA 2019-02-13T10:58:41Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1509589#M11878 <P>Hi all</P><P>&nbsp;</P><P>I have a question regarding security rule syntax. I <STRONG>sometimes</STRONG> pass through a session attribute upon authentication from an application (let's call it Attribute1).</P><P>&nbsp;</P><P>I have set up a Data Connection rule which checks whether the user launched to the Qlik Sense Hub from an application in which case I only want him/her to be able to read data connections with a Custom Property which match their Attribute1 session attribute:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Qlik Security Rule 1.PNG" style="width: 615px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/634i16A34C01F028F431/image-size/large?v=v2&amp;px=999" role="button" title="Qlik Security Rule 1.PNG" alt="Qlik Security Rule 1.PNG" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>This works fine.</SPAN></P><P>&nbsp;</P><P><SPAN>I would like to know how I can create a rule to see if a user does not have an Attribute1 session attribute? For example, if the user authenticates using Active Directory (only some users will be able to do this) then I want to be able to have a rule such as the one below (<FONT color="#FF0000">which does not work</FONT><span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></SPAN></P><P>&nbsp;</P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Qlik Security Rule 2.PNG" style="width: 622px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/635i03064753186ACFBD/image-size/large?v=v2&amp;px=999" role="button" title="Qlik Security Rule 2.PNG" alt="Qlik Security Rule 2.PNG" /></span></SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>I tried variations such as<FONT color="#FF0000">&nbsp;</FONT><FONT color="#FF0000">user.environment.Attribute1 = ""</FONT>&nbsp;and&nbsp;<FONT color="#FF0000">user.environment.Attribute1.IsEmpty()</FONT>, but they do not work since the Attribute1 session variable does not exist.</P><P>&nbsp;</P><P>My example above is simplified, but I hope that it shows my requirement. Any help will be much appreciated.</P><P>&nbsp;</P><P>Regards,</P><P>Mauritz</P> Sat, 16 Nov 2024 07:15:25 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1509589#M11878 Mauritz_SA 2024-11-16T07:15:25Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1543498#M12525 Why don't you simply use the user directory in your rule? This allows you to decide access based on the user authentication.<BR /><BR />((user.userDirectory="MyDirectoryName")) Wed, 13 Feb 2019 09:57:07 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1543498#M12525 ToniKautto 2019-02-13T09:57:07Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1543548#M12527 <P>Hi there TKO</P><P>I&nbsp;ended up going with&nbsp;<STRONG>user.environment.Attribute1.empty()</STRONG>. The thing is that I also need to evaluate the that session attribute for users from my Active Directory .&nbsp;If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.</P><P>Thanks for the reply though!</P><P>Regards,</P><P>Mauritz</P> Wed, 13 Feb 2019 10:58:41 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-check-if-session-attribute-exists/m-p/1543548#M12527 Mauritz_SA 2019-02-13T10:58:41Z