thanks Jonathan. I’m not yet sure if the size of the final app so don’t know if BL “on demand” or every minute is feasible. At reload I could just query the data source in the script execution to refresh the SA but again I don’t know how often I’ll be able to reload due to app size.  Thanks for your help mate - appreciated.

‌Thanks Marcus. I think OSUser() in Set Analysis will be the way to go. I was hoping to avoid for the reasons you’ve given, however given this will be a mashup in a DMZ I think it’ll be ok. I just need to check it can’t be bypassed!

Thanks For the suggestions sir.

Jason

‌Another common approach that is more dynamic is to move to a “group” based security model that allows you to dynamically change groups when the user logs in. This allows you to have, up to minute security applied to Qlik applications when the user logs into Qlik.

For example, lets say that you secure your data by zip code (postal code). You could create a Section Access table, dynamically for every zip code (postal code) in your data. When a user logs in, you could assign groups to the user (either from your security source, LDAP, etc... or via a UDC pulling from a database). For example, you could add 100 zip codes (postal codes) to user1 and 269 to user2.

Since your zip codes in your data don’t change, except during reloads, you don’t have to worry about extra reloads. However, since your users access rules can changes 1,000’s of times a day (theoretically) you can change those more dynamically.

Also, don’t forget you can create compound groups using a typically REDUCTION technique discussed in other articles.

I have implemented similarly in environments with 5,000+ groups without problems.

Hope that helps.

Thats’s a great idea Steve - thank you!