Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
E_Røse
Creator II
Creator II
‎2021-07-09 06:01 AM

Section access in QlikSense - No access to app for users given ACCESS as USER via GROUP

I am having some issues giving acces to data in an app. 

 

The user has access to the app via sccess to the stream. When no data is loaded, the user can open the empty app. The authorization table looks like

Load * inline[ACCESS, USERID, GROUP, REDUCTION

USER, *, GROUPNAME, N];

After data is loaded to the app, the user cannot open the app ('Access denied')

However, if I change the table to 

Load * inline[ACCESS, USERID, GROUP, REDUCTION

ADMIN, *, GROUPNAME, N];

then the same user can open tha app and access all the lines with N in the reduction field as intended.

 

When looking at the user in qmc, the group is listed as Groupname (not capital letters). For groups that are written with capital letters her, it seems like I do not have the same problem.  

I have checked that the groups are listed here 

ElinR_0-1625827679708.png

(I have the issue for all groups, both those written in capital letters and others..)

 

Does anyone have an explanation for why access is denied in the first case and not the latter? I am using the november 2020-version of qliksense.

--------------------

I edited the text a littl, to be more spesififc.

E. Røse
Senior Analytics Consultant, Atea Norge
1,460 Views
0 Likes
5 Replies
avinashelite
MVP
MVP
‎2021-07-09 06:20 AM

1.In the section access part you have to define all the columns in upper case . Change the codes in section access to upper case .

 

2.when using the *  , it will give only the data which is part the section access only.

3. ADMIN will have access for all the data that is why your able to see , USER access will work as per the rules set

1,439 Views
0 Likes
E_Røse
Creator II
Creator II
‎2021-07-09 06:30 AM
Author

In response to avinashelite

Everything is defined in uppercase in the Authorization table, and the REDUCTION parts with * or N or whatever is not whats the issue here. The issue is that in the first example the users wich is a member of the ADgroup 'Groupname' is not able to access the app at all and just sees this: 

ElinR_0-1625826590913.png

E. Røse
Senior Analytics Consultant, Atea Norge
1,423 Views
avinashelite
MVP
MVP
‎2021-07-09 06:54 AM

In response to E_Røse

Okay could you share the code written in 

Section Access and Section Application 

To debug the issue try to add the sample data for groupname etc 

1,392 Views
0 Likes
E_Røse
Creator II
Creator II
‎2021-07-09 07:55 AM
Author

In response to avinashelite

I am not allowed to share my code. I cal anonymiza it a bit. I tried to do that in my first post, but maybe it was abit to limited😂

 

but first i am doing some testing.

 It seems like the error is related to the access to the stream. (We do not use applevel access, only streamlevel). In our production environment all access is given using AD-groups, while in our testing environment we also use usernames to grant access. On top of that, I am trying to implemet section access using AD groups. For now I just want to hide som rows ofr members of an ADgroup.  As long as the users are allowed to open the app, my code works as expected and I do not have the issue with opening the app in the production environment.

To summarize:

  • When the user has access (ACCESS = USER or ADMIN) to the stream via  ADgroups, my code seems to work as expected.
  • If the user are given access to the stream via its username, the user only has access to the app if ACCESS=ADMIN i the section access authorization table.

Does this make any sense?

Still testing, but at least it seems like the solution migth be to make sure access is given to an ADgroup for the stream where we test our apps with section access.

E. Røse
Senior Analytics Consultant, Atea Norge
1,378 Views
0 Likes
AnkitaC
Contributor II
Contributor II
‎2023-09-24 04:34 AM

Hi ALL,

In Qlik sense I am using sectional access I am restricted some user for some company so its working some user but its not working with some other user I don't know what was the problem please help me solve this.

 

Thank you.

281 Views
0 Likes