Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us in NYC Sept 4th for Qlik's AI Reality Tour! Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2015-11-02 09:13 PM

Section Access

Hi,

 

I’m having trouble getting Qlik Sense to do even basic security, hopefully someone can help.

 

I want to restrict users to viewing data for just their home cities in an app based on their AD group. However managers typically manage two cities and the general manager needs to see all cities.

 

City

AD group

Manager

General Manager

B

B_employees

Kate

Mark

C

C_employees

Sam

Mark

D

D_employees

Kate

Mark

H

H_employees

John

Mark

M

M_employees

John

Mark

P

P_employees

John

Mark

S

S_employees

Sam

Mark

 

It works for one assignment but  if I try to use two assignments I either 'denied' or 'unknown error', e.g.

SecurityTable1:

Load * InLine [

ACCESS, USERID, LINK1

  USER, DOMAIN\John, M

  USER, DOMAIN\John, H

...

  ADMIN, DOMAIN\Greg

  ADMIN, INTERNAL\sa_scheduler

  ];

SecurityTable2:

Load * InLine [

ACCESS, GROUP, LINK2

  USER, P_employees, P

...

//
Section Application;

SecLinkTable1:
Load * InLine [
LINK1, City
  P,  PCity

...

They work individually but not in combination(s).

 

Additionally, if I use the OMIT option I get ‘incomplete visualisation’ for the table/chart when I specify a dim, but nothing if I specify a defined dim from Master Items. Is this a bug?

 

813 Views
0 Likes
1 Solution

Accepted Solutions
Not applicable
‎2015-11-19 07:01 PM
Author

With help from our Qlik guy Stephen, we resolved the issue.

The key is using both USERID & GROUP in the same table with the alternate field populated with asterisk.

Seems it is necessary to use the subfield() technique in 2.1, this generates a separate row for each code.


//
Section Access;

set vAllCities = 'D,S,M,H,A,P,C,B';

Authorisation:

// Grant 'sa_scheduler' admin to enable data reload task
load ACCESS ,USERID ,GROUP ,subfield(CITYCODE, ',') as CITYCODE
inline
[ACCESS,  USERID,  GROUP,  CITYCODE
'ADMIN' ,'INTERNAL\sa_scheduler' ,'*' ,"$(vAllCities)"
    ];


// Load user list from secure .xls
LOAD
    "Access"    as ACCESS,
    "UserID"    as USERID,
    '*'                as GROUP,
    subfield("City Code", ',')   as CITYCODE
FROM [lib://QSContent/App Access by user.xlsx]
(ooxml, embedded labels, table is Sheet1);


// default users to their home state
CONCATENATE(Authorisation)
LOAD *
INLINE [
  ACCESS, USERID,  GROUP,   CITYCODE
  USER,  *,  D_employees, D
  USER,  *,  S_employees, S
  USER,  *,  B_employees, B
  USER,  *,  C_employees, C
  USER,  *,  A_employees, A
  USER,  *,  H_employees, H
  USER,  *,  M_employees, M
  USER,  *,  P_employees, P
  ];

//
Section Application;
SecLinkTable:
Load * InLine [
City,  CITYCODE
  D,  D
  S,  S
  B, B
  C, C
  A, A
  H, H
  M, M
  P, P
  ];

Hopefully this will be of help to other newbies.

View solution in original post

567 Views
0 Likes
1 Reply
Not applicable
‎2015-11-19 07:01 PM
Author

With help from our Qlik guy Stephen, we resolved the issue.

The key is using both USERID & GROUP in the same table with the alternate field populated with asterisk.

Seems it is necessary to use the subfield() technique in 2.1, this generates a separate row for each code.


//
Section Access;

set vAllCities = 'D,S,M,H,A,P,C,B';

Authorisation:

// Grant 'sa_scheduler' admin to enable data reload task
load ACCESS ,USERID ,GROUP ,subfield(CITYCODE, ',') as CITYCODE
inline
[ACCESS,  USERID,  GROUP,  CITYCODE
'ADMIN' ,'INTERNAL\sa_scheduler' ,'*' ,"$(vAllCities)"
    ];


// Load user list from secure .xls
LOAD
    "Access"    as ACCESS,
    "UserID"    as USERID,
    '*'                as GROUP,
    subfield("City Code", ',')   as CITYCODE
FROM [lib://QSContent/App Access by user.xlsx]
(ooxml, embedded labels, table is Sheet1);


// default users to their home state
CONCATENATE(Authorisation)
LOAD *
INLINE [
  ACCESS, USERID,  GROUP,   CITYCODE
  USER,  *,  D_employees, D
  USER,  *,  S_employees, S
  USER,  *,  B_employees, B
  USER,  *,  C_employees, C
  USER,  *,  A_employees, A
  USER,  *,  H_employees, H
  USER,  *,  M_employees, M
  USER,  *,  P_employees, P
  ];

//
Section Application;
SecLinkTable:
Load * InLine [
City,  CITYCODE
  D,  D
  S,  S
  B, B
  C, C
  A, A
  H, H
  M, M
  P, P
  ];

Hopefully this will be of help to other newbies.

568 Views
0 Likes