I play around with the security rules. In this context I am passing user groups from Active Directory to use in the conditions of the rules. One question is just coming up: What exactly is the difference between user.group and user.environment.group, if there is one.
user.group is the attribute for the user which comes from a User Directory Connector. This is considered a "persistent" attribute in the sense that Qlik stores this information (unless removed via the user directory).
user.environment.* are session attributes. These come from the configured authentication provider (typically SAML but possible via JWT, OIDC, and Web Ticketing). These values are not stored inside of Qlik but instead are evaluated when the user accesses Qlik. There's a good primer on session attributes here: https://community.qlik.com/t5/Qlik-Design-Blog/User-Environment-What-Session-Attributes-in-Qlik-Sens....
user.group is the attribute for the user which comes from a User Directory Connector. This is considered a "persistent" attribute in the sense that Qlik stores this information (unless removed via the user directory).
user.environment.* are session attributes. These come from the configured authentication provider (typically SAML but possible via JWT, OIDC, and Web Ticketing). These values are not stored inside of Qlik but instead are evaluated when the user accesses Qlik. There's a good primer on session attributes here: https://community.qlik.com/t5/Qlik-Design-Blog/User-Environment-What-Session-Attributes-in-Qlik-Sens....
