Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
simon20
Partner - Contributor III
Partner - Contributor III
‎2020-10-26 06:15 AM

Use section access to limit a subset of user's permissions?

I have an app that should have the following security rule:

  • If USERID is in table X, they should have ACCESS = USER, and a reduction in what data they see
  • Else, the USERID should see all

I have tried to implement this by doing the following:

Section Access;

// People with limited access, setting their reduction to the fields in the table
AccessTable:
LOAD * FROM [LimitedAccessTable];

// Adding admin access to all other users in user group
Concatenate(AccessTable)
LOAD * INLINE [
ACCESS,USERID,GROUP,REDUCTION
ADMIN,INTERNAL\SA_SCHEDULER,*,*
ADMIN,*,USERGROUP,*
];

The problem here is that users in the first table also get admin access through the second table load. I have tried to limit the second load by using statements like "WHERE NOT EXISTS(USERID)" and adding a third section:
INNER JOIN(AccessTable)
LOAD 
USERID,
MaxString(ACCESS) AS ACCESS
RESIDENT AccessTable
GROUP BY USERID;

None of these work. I think the issue is that the '*' value is not converted to actual user info until after the data load.

Anyone have any idea on how to work around this?

424 Views
0 Likes
0 Replies