Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
daveatkins
Partner - Creator III
Partner - Creator III
‎2023-02-09 11:29 AM

how to use AD groups for section access in QlikView

We have used section access by user, based on NTNAME as the field. An old question in this forum said AD groups could also be used in that same field, which did not make sense to me. Is it possible to set up section access using AD group names instead of userids and how do you do that? Is there some other field like NTGROUP? Or does the value in NTNAME try to match all information retreived from active directory?

Labels (1)
Labels
706 Views
0 Likes
1 Solution

Accepted Solutions
Vegar
MVP
MVP
‎2023-02-09 11:43 AM

Use NTNAME for giving access to an AD group.

"NTNAME, a field that should contain a string corresponding to a Windows NT domain user name or group name."

https://help.qlik.com/en-US/qlikview/May2022/Subsystems/QMC/Content/QV_QMC/QMC_Users_SectionAccessMa...

Vegar
Qlik Community MVP

View solution in original post

698 Views
0 Likes
5 Replies
Vegar
MVP
MVP
‎2023-02-09 11:43 AM

Use NTNAME for giving access to an AD group.

"NTNAME, a field that should contain a string corresponding to a Windows NT domain user name or group name."

https://help.qlik.com/en-US/qlikview/May2022/Subsystems/QMC/Content/QV_QMC/QMC_Users_SectionAccessMa...

Vegar
Qlik Community MVP
699 Views
0 Likes
daveatkins
Partner - Creator III
Partner - Creator III
‎2023-02-09 12:05 PM
Author

In response to Vegar

Thank you. Looking over the documentation...I had no idea there was a way to manage section access in the QMC. Will this work the same for creating an inline table in the load script?

Will QlikView pick up new AD groups as they are added to the AD?

 

684 Views
0 Likes
NadiaB
Support
Support
‎2023-02-14 02:44 PM

Hi @daveatkins 

The documentation for Section Access for QlikView can be found here:

https://help.qlik.com/en-US/qlikview/May2021/Subsystems/Client/Content/QV_QlikView/Security.htm

Kind Regards. 

Don't forget to mark as "Solution Accepted" the comment that resolves the question/issue. #ngm
658 Views
0 Likes
daveatkins
Partner - Creator III
Partner - Creator III
‎2023-02-14 03:19 PM
Author

Am I understanding this correctly? In Section Access, when you load the User_Table, you could:

1) include the USERID field and have one row for every user

or

2) use NTNAME and have one row for every user

or

3) use NTNAME and have one row containing the name of a AD group to which all the users belong

or

4) combine these methods and use NTNAME with some rows containing AD groups and other rows containing individual users

 

651 Views
0 Likes
marcus_sommer
MVP
MVP
‎2023-02-15 04:22 AM

In response to daveatkins

You could combine NT users and user-groups and further also including userid and password whereby mixing them is IMO rather not expedient. Important is the understanding that the section access table is an authorization and all there specified parameters must be TRUE - means they have an AND linking and not an OR linking. Like most other authorizations it has a white-listing working - means only listed combinations of users and linked reduction-values remain accessible and each kind of denying an access will overwrite all permissions.

640 Views
0 Likes