Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
hic
Former Employee
Former Employee

Authorization is about determining which data a user is allowed to see. QlikView has several different ways by which you can reduce the data so that the user only gets to see the data he is allowed to see.

In the simplest case, the authorization table defining who-gets-to-see-what is just a two column table linking user names to e.g. regions. But sometimes you need a more complicated logic. It could be that you have users that are allowed to see all products but just within one region, and at the same time all regions but just for one product. In other words, you want to make the reduction in several fields with the possibility of OR-logic.

 

QlikView can do this and here’s how you do it:

 

  1. Create an authorization table by loading the authorization data into QlikView after concatenating the reducing fields into one single generic authorization key:

         Load USER, REGION &'|'& PRODUCT as %AuthID From AuthTable ;

    Authorization table.png

  2. Create an authorization key in the table with the most detailed transactions:

         Load *, Region &'|'& Product as AuthID From OrderDetails ;

    If you don’t have all the necessary keys in the table, you can fetch fields from other tables using Applymap. See more about Applymap here:

  3. Create an authorization bridge table linking the two above tables. Since the %AuthID field can contain generic symbols such as '<ANY>', several load statements are needed to create the bridge table:

         Load
    Region &'|'& Product as AuthID, Region &'|'& Product as %AuthID  From OrderDetails ;
         Load Region &'|'& Product as AuthID, Region &'|'&'<ANY>' as %AuthID  From OrderDetails ;
         Load Region &'|'& Product as AuthID, '<ANY>'&'|'& Product as %AuthID  From OrderDetails ;
         Load Region &'|'& Product as AuthID, '<ANY>'&'|'&'<ANY>' as %AuthID  From OrderDetails ;

    Authorization bridge.png

  4. Reduce the file on the USER field using either Section Access or QlikView Publisher.

 

Using the above method you can create quite complex security models. For instance, you can use generic symbols also for product groups. Read more about generic keys in this Technical Brief.

 

Good luck!

 

HIC

 

Further reading related to this topic:

A Primer on Section Access

Data Reduction Using Multiple Fields

Authorization using a Hierarchy

40 Comments