Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik GA: Multivariate Time Series in Qlik Predict: Get Details
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Jason_Michaelides
Partner - Master II
Partner - Master II
‎2018-01-14 07:08 PM

Direct Discovery for Section Access

Hi all,

Has anybody tried using Direct Discovery on Section Access? Is it possible? I don't need to refresh my app's data more than a few times a day, but the security must be up-to-the-minute (preferably real-time from source, hence DD).

Thanks

Jason

2,977 Views
1 Solution

Accepted Solutions
marcus_sommer
MVP
MVP
‎2018-01-15 03:23 AM

I think it won't be possible in this way because section access will only applied by opening an application and not by reloading it. Should an access-control happens on a reload-process the access-control would need to be transferred to user-depending where-conditions - possible but expensive and probably with some side-effects.

If a regular reloading or closing/reloading/opening is rather not suitable I could imagine that instead or additionally to a section access an access-control could be applied over field- or variable-flags - which are set/changed per DD - and which are serving as conditions for sheets/objects and dimensions/expressions plus as true/false-flags within the expressions.

Of course such an implementation will be quite expensive, too and providing only a full access-contol if the user couldn't create/adjust objects/variables because otherwise a (more experienced) user could bypass this logic.

- Marcus

View solution in original post

2,700 Views
0 Likes
6 Replies
jonathandienst
Partner - Champion III
Partner - Champion III
‎2018-01-14 11:47 PM

Perhaps a binary load followed by a re-application of the section access? I don't think DD data is available at the time of load, so I doubt you can apply section access using DD.

Logic will get you from a to b. Imagination will take you everywhere. - A Einstein
2,700 Views
marcus_sommer
MVP
MVP
‎2018-01-15 03:23 AM

I think it won't be possible in this way because section access will only applied by opening an application and not by reloading it. Should an access-control happens on a reload-process the access-control would need to be transferred to user-depending where-conditions - possible but expensive and probably with some side-effects.

If a regular reloading or closing/reloading/opening is rather not suitable I could imagine that instead or additionally to a section access an access-control could be applied over field- or variable-flags - which are set/changed per DD - and which are serving as conditions for sheets/objects and dimensions/expressions plus as true/false-flags within the expressions.

Of course such an implementation will be quite expensive, too and providing only a full access-contol if the user couldn't create/adjust objects/variables because otherwise a (more experienced) user could bypass this logic.

- Marcus

2,701 Views
0 Likes
Jason_Michaelides
Partner - Master II
Partner - Master II
‎2018-01-15 03:33 AM
Author

In response to jonathandienst

thanks Jonathan. I’m not yet sure if the size of the final app so don’t know if BL “on demand” or every minute is feasible. At reload I could just query the data source in the script execution to refresh the SA but again I don’t know how often I’ll be able to reload due to app size.  Thanks for your help mate - appreciated.

2,700 Views
0 Likes
Jason_Michaelides
Partner - Master II
Partner - Master II
‎2018-01-15 03:36 AM
Author

In response to marcus_sommer

‌Thanks Marcus. I think OSUser() in Set Analysis will be the way to go. I was hoping to avoid for the reasons you’ve given, however given this will be a mashup in a DMZ I think it’ll be ok. I just need to check it can’t be bypassed!

Thanks For the suggestions sir.

Jason

2,700 Views
0 Likes
SteveNewman
Employee
Employee
‎2018-01-15 07:43 AM

In response to Jason_Michaelides

‌Another common approach that is more dynamic is to move to a “group” based security model that allows you to dynamically change groups when the user logs in. This allows you to have, up to minute security applied to Qlik applications when the user logs into Qlik.

For example, lets say that you secure your data by zip code (postal code). You could create a Section Access table, dynamically for every zip code (postal code) in your data. When a user logs in, you could assign groups to the user (either from your security source, LDAP, etc... or via a UDC pulling from a database). For example, you could add 100 zip codes (postal codes) to user1 and 269 to user2.

Since your zip codes in your data don’t change, except during reloads, you don’t have to worry about extra reloads. However, since your users access rules can changes 1,000’s of times a day (theoretically) you can change those more dynamically.

Also, don’t forget you can create compound groups using a typically REDUCTION technique discussed in other articles.

I have implemented similarly in environments with 5,000+ groups without problems.

Hope that helps.

2,700 Views
0 Likes
Jason_Michaelides
Partner - Master II
Partner - Master II
‎2018-01-15 07:51 AM
Author

In response to SteveNewman

Thats’s a great idea Steve - thank you!

2,700 Views
0 Likes