
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to use AD groups for section access in QlikView
We have used section access by user, based on NTNAME as the field. An old question in this forum said AD groups could also be used in that same field, which did not make sense to me. Is it possible to set up section access using AD group names instead of userids and how do you do that? Is there some other field like NTGROUP? Or does the value in NTNAME try to match all information retreived from active directory?
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use NTNAME for giving access to an AD group.
"NTNAME, a field that should contain a string corresponding to a Windows NT domain user name or group name."
Qlik Community MVP

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use NTNAME for giving access to an AD group.
"NTNAME, a field that should contain a string corresponding to a Windows NT domain user name or group name."
Qlik Community MVP

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. Looking over the documentation...I had no idea there was a way to manage section access in the QMC. Will this work the same for creating an inline table in the load script?
Will QlikView pick up new AD groups as they are added to the AD?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @daveatkins
The documentation for Section Access for QlikView can be found here:
https://help.qlik.com/en-US/qlikview/May2021/Subsystems/Client/Content/QV_QlikView/Security.htm
Kind Regards.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Am I understanding this correctly? In Section Access, when you load the User_Table, you could:
1) include the USERID field and have one row for every user
or
2) use NTNAME and have one row for every user
or
3) use NTNAME and have one row containing the name of a AD group to which all the users belong
or
4) combine these methods and use NTNAME with some rows containing AD groups and other rows containing individual users


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could combine NT users and user-groups and further also including userid and password whereby mixing them is IMO rather not expedient. Important is the understanding that the section access table is an authorization and all there specified parameters must be TRUE - means they have an AND linking and not an OR linking. Like most other authorizations it has a white-listing working - means only listed combinations of users and linked reduction-values remain accessible and each kind of denying an access will overwrite all permissions.
