I have an app that holds data for our entire company. I want to limit the data that is returned when a user views the sheets to only the employees that report to that manager. Is the only way to do this, without creating multiple versions of the app, to use section access? We have user groups but no set up currently that outlines our company hierarchy so would I have to also set up groups that divide the employees into each manager? My goal is to do this with the last amount of manual up keep being required. We are using Qlik Sense SaaS.
I see. So the Cost_Center_Manager field is not a field that contains a combination of a cost center and a manager, instead it sounds like it contains the username of a manager that is responsible for managing specified cost center.
In that case, you can do something like this:
Section Access;
// Give myself and my schedule acct access to all costcenters;
[SECTION_ACCESS]:
LOAD *
INLINE [
ACCESS, USERID
ADMIN, INTERNAL\SA_SCHEDULER
ADMIN, domain\KELLIE SY];
// Bring in the Managers and CostCenters they are associated to
Managers:
LOAD Distinct Upper(Cost_Center) as COSTCENTER,
Upper(Cost_Center_Manager) as USERID
[lib://DataFiles/WDWorker.qvd](qvd)
;
// Join distinct list of all cost centers to the section access table so all admins would be able to see data for all cost centers
Join(SECTION_ACCESS)
Load Distinct COSTCENTER
Resident Managers
;
// Adding list of app users (a.k.a. managers) and specifying which cost center they should be able to see
Concatenate(SECTION_ACCESS)
Load 'USER' as ACCESS,
'DOMAIN\' & USERID as USERID,
COSTCENTER
Resident Managers
Where Len(Trim(USERID)) <> 0
;
Drop Table Managers;
Section Application;
This will:
Prepare list of app admins.
Load mapping of managers to cost centers they manage.
Add list of all cost centers to the SECTION_ACCESS table so admins would be able to see data for all cost centers.
Add list of app users along with the domain name and a cost center that each user/manager should be able to see.
Excluding records where Cost_Center_Manager (a.k.a. USERID) is null.
The result will be a table that will enable specific managers access to the cost centers they manage.
Earlier you mentioned that you need to limit the data by cost center. Since that's the case, then no you don't need to have USERID as part of your data model.
USERID, just like the ACCESS field, is a system field. Their purpose is to simply tell Qlik Sense which users you want to access the app and what type of access each user should have.
The reduction field, COSTCENTER in your case, is used to tell Qlik Sense which data values, which cost centers in this case, each user should have access to.
The reduction field must exist in both the section access table and in the data model.
