Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Mauritz_SA
Partner - Specialist
Partner - Specialist

Security rule to check if session attribute exists

Hi all

 

I have a question regarding security rule syntax. I sometimes pass through a session attribute upon authentication from an application (let's call it Attribute1).

 

I have set up a Data Connection rule which checks whether the user launched to the Qlik Sense Hub from an application in which case I only want him/her to be able to read data connections with a Custom Property which match their Attribute1 session attribute:

 

Qlik Security Rule 1.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This works fine.

 

I would like to know how I can create a rule to see if a user does not have an Attribute1 session attribute? For example, if the user authenticates using Active Directory (only some users will be able to do this) then I want to be able to have a rule such as the one below (which does not work😞

 

Qlik Security Rule 2.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I tried variations such as user.environment.Attribute1 = "" and user.environment.Attribute1.IsEmpty(), but they do not work since the Attribute1 session variable does not exist.

 

My example above is simplified, but I hope that it shows my requirement. Any help will be much appreciated.

 

Regards,

Mauritz

Labels (2)
1 Solution

Accepted Solutions
Mauritz_SA
Partner - Specialist
Partner - Specialist
Author

Hi there TKO

I ended up going with user.environment.Attribute1.empty(). The thing is that I also need to evaluate the that session attribute for users from my Active Directory . If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.

Thanks for the reply though!

Regards,

Mauritz

View solution in original post

2 Replies
ToniKautto
Employee
Employee

Why don't you simply use the user directory in your rule? This allows you to decide access based on the user authentication.

((user.userDirectory="MyDirectoryName"))
Mauritz_SA
Partner - Specialist
Partner - Specialist
Author

Hi there TKO

I ended up going with user.environment.Attribute1.empty(). The thing is that I also need to evaluate the that session attribute for users from my Active Directory . If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.

Thanks for the reply though!

Regards,

Mauritz