Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi all,
I have read all documentation regarding the server and authorization. But one thing remains unclear. How can you dynamically restrict what a user can see if you are using DSC (directory service) like LDAP or a custom authorization table (username, password, region).
Question: is it just like section access, in the sense that if you both have this "region" field in LDAP table and in your application datamodel, that Qlikview QVS will dynamically restrict access?
Or do you need to have a section access table in each QVW with colums (NT username, Region) in which you make te restriction? Can you also make use of groups?
Situation:
Single Sign on from portal to Qlikview apps, authentication is done via webtickets
•Dashboard needs to show only the data associated with the logged in user from the portal (group/region data is stored in the portal authentication system)
•Access to reporting portal is needed by:
–Customers from outside the company network (not in active directory)
–internal users (analysis)
–Developers (maintenance)
Thank you very much
Here is a sample of section access based on a field in the document call Country. The Group column is only to tie things together.
Sam can see every thing.
Steve can see Canada and France
User1 and Batman can see USA
Section Access;
LOAD * INLINE [
ACCESS, NTNAME, GROUP
ADMIN, SAM, AGRP
ADMIN,STEVE, CGRP
ADMIN,USER1, BGRP
ADMIN, Batman, BGRP
];
Section Application;
star is *;
LOAD * INLINE [
GROUP, Country
AGRP, *
BGRP, USA
CGRP, Canada
CGRP, France
];
Bill
Here is a sample of section access based on a field in the document call Country. The Group column is only to tie things together.
Sam can see every thing.
Steve can see Canada and France
User1 and Batman can see USA
Section Access;
LOAD * INLINE [
ACCESS, NTNAME, GROUP
ADMIN, SAM, AGRP
ADMIN,STEVE, CGRP
ADMIN,USER1, BGRP
ADMIN, Batman, BGRP
];
Section Application;
star is *;
LOAD * INLINE [
GROUP, Country
AGRP, *
BGRP, USA
CGRP, Canada
CGRP, France
];
Bill
Yeah, this seems to be the solution, but I am not very happy with it (this approach by QV ). I hoped that you could have done it without specifying the usernames and "region restriction" in section access for each user.
Martijn,
This will work with groups. just use the group name under the tag of NTNAME.
Bill
Thank you very much