topic Re: Section Access with access denial list in QlikView

Section Access with access denial list

surendra_masupa — Mon, 22 Jan 2018 11:30:11 GMT

Hi All,

I've a small scenario where in I need all the users to access the application except few.

The problem is I don't have the list of users who need to view (and access) the application on the Access Point. However I've some users who I don't want them to view the application. FYI.. I've enabled "Filter documents based on Section Access list" property.

I can simply put * to allow everyone to View and access the app, however I'm not sure how to restrict only few set of users.

Any help is highly appreciated.

Thanks,

Surendra

Re: Section Access with access denial list

karthikoffi27se — Mon, 22 Jan 2018 11:35:30 GMT

Hi Surendra,

Please refer the below thread which explains basic of Section access.

https://community.qlik.com/docs/DOC-1853

Many Thanks

Karthik

Re: Section Access with access denial list

marcus_sommer — Mon, 22 Jan 2018 11:57:01 GMT

AFAIK it's not possible because the feature of section access granted all listed users their access and who is not listed will get no access. But you could read (and add to the section access) the users and usergroups with something like Reading GroupMembers from active directory with QlikView‌ and than removing those from this listing and/or maybe creating some new specialized usergroups for this purpose.

- Marcus

Re: Section Access with access denial list

Peter_Cammaert — Mon, 22 Jan 2018 12:34:36 GMT

(Off the top of my head) maybe you can try to use Data Reduction where everything is linked to a Setion Access record that says NTNAME = *.

If you now put the users-to-be-denied-access before this record and with their full NTNAME value (and no valid link value), you could convert Section Acces from a Permissions list into a Denials list. Data Reduction with Strict Exclusion enabled will throw out everyone that is explicitly listed in SA.

Re: Section Access with access denial list

Peter_Cammaert — Mon, 22 Jan 2018 12:51:02 GMT

I did a quick test with USERID & PASSWORD. This code does what I explained:

Section Access;

LOAD * INLINE [

ACCESS, USERID, PASSWORD, ACCESSFLAG

USER, ABC, ABC, 0

USER, DEF, DEF, 0

ADMIN, PETER, PETER, 1

USER, *, GHI, 1

];

Section Application;

Facts:

LOAD 1 AS ACCESSFLAG,

Today() AS Date

AUTOGENERATE 1;

Access is denied to ABC and DEF, but not to PETER or "GHI" (or anyone else using that password). I had to use a password for the wildcard entry because otherwise QlikView doesn't even present USERID/PASSWORD dialogs. You shouldn't have that problem if you only use ACCESS, NTNAME and a LINKFIELD. However, I haven't tested it with AD security.