It wouldn't be a column named group, but yes. The attributes table should have three columns: userid (to join with the users table), type (type of attribute, e.g. group, email), and value. Example here: https://help.qlik.com/en-US/sense-admin/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdministe...

That's sort of a hard question to answer since you can write your security rule(s) in multiple ways.

With a table like this:

userid,type,value
user1,group,stream1
user1,group,stream2
user2,group,stream3

you would have a number of attributes to use.

1. You can write individual security rules for each stream
2. You can create a custom property with the values of your groups and assign those to the streams
3. Some other mix of things

(1) is simple:

Filter: Stream_{ID}
Actions: Read
Conditions: ((user.group = "myGroup"))

(2) is more powerful and would look like this:

Filter: Stream_*
Actions: Read
Conditions: ((resource.@myCustomPropertyName=user.group))

HI @Levi_Turner  - thats perfect thanks so much.

If I may ask one last  question.  If users are part of an ODBC Directory and are synced - can we automatically allocate an access pass? Or will one be allocated when the user logs in (will there need to be a certain rule in place)?

Thanks again for your time

Dai

Just like with any UDC type, you can either synchronize the users (get them in the user list) and manually assign things or use a license rule to provision access (https://help.qlik.com/en-US/sense-admin/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdministe...). Licenses can be treated just like access to content, so you can use rules to provision access when the user logs in.