Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Open Lakehouse is Now Generally Available! Discover the key highlights and partner resources here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Mauritz_SA
Partner - Specialist
Partner - Specialist
‎2018-11-20 05:00 AM

Security rule to check if session attribute exists

Hi all

 

I have a question regarding security rule syntax. I sometimes pass through a session attribute upon authentication from an application (let's call it Attribute1).

 

I have set up a Data Connection rule which checks whether the user launched to the Qlik Sense Hub from an application in which case I only want him/her to be able to read data connections with a Custom Property which match their Attribute1 session attribute:

 

Qlik Security Rule 1.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This works fine.

 

I would like to know how I can create a rule to see if a user does not have an Attribute1 session attribute? For example, if the user authenticates using Active Directory (only some users will be able to do this) then I want to be able to have a rule such as the one below (which does not work😞

 

Qlik Security Rule 2.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I tried variations such as user.environment.Attribute1 = "" and user.environment.Attribute1.IsEmpty(), but they do not work since the Attribute1 session variable does not exist.

 

My example above is simplified, but I hope that it shows my requirement. Any help will be much appreciated.

 

Regards,

Mauritz

Labels (1)
Labels
1,342 Views
0 Likes
1 Solution

Accepted Solutions
Mauritz_SA
Partner - Specialist
Partner - Specialist
‎2019-02-13 05:58 AM
Author

In response to ToniKautto

Hi there TKO

I ended up going with user.environment.Attribute1.empty(). The thing is that I also need to evaluate the that session attribute for users from my Active Directory . If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.

Thanks for the reply though!

Regards,

Mauritz

View solution in original post

1,278 Views
0 Likes
2 Replies
ToniKautto
Employee
Employee
‎2019-02-13 04:57 AM

Why don't you simply use the user directory in your rule? This allows you to decide access based on the user authentication.

((user.userDirectory="MyDirectoryName"))
1,283 Views
Mauritz_SA
Partner - Specialist
Partner - Specialist
‎2019-02-13 05:58 AM
Author

In response to ToniKautto

Hi there TKO

I ended up going with user.environment.Attribute1.empty(). The thing is that I also need to evaluate the that session attribute for users from my Active Directory . If they launch to the Hub using an application to authenticate then I only want them to see data connections which have got a custom property matching their session attribute, otherwise I want them to see all data connections if they use AD to authenticate when opening the Hub.

Thanks for the reply though!

Regards,

Mauritz

1,279 Views
0 Likes