Solved: Re: section access not reducing data for ad users - Qlik Community

Permalink · ‎2015-01-08

hello all,

we are trying to reduce data for users based on operating_unit,

our customers access qlikview application from our product, authentication is done using a web ticket approach and users can now access the qlikview application without a problem. We don't maintain user data and authentication is done using LDAP.

Now, we want to implement data reduction using section access. We don't want to have another prompt for user/password, so i created section access script like this:

SECTION Access;

LOAD * Inline [

ACCESS, NTNAME, USERID, OPERATING_UNIT

USER, DOMAIN\X1, *, 87

USER, DOMAIN\X2, *, 93

];

Section Application;

both the users can access the application and can see the complete data, reduction is not working. if i select strict exclusion, it is prompting for a user/pwd.

Can anyone tell me how to fix this?

Thanks

Ramakanth

Permalink · ‎2015-01-08

What happens when you remove UserID and enable both 'Initial data reduction based on Section Access' and 'Strict Exclusion'

View solution in original post

Permalink · ‎2015-01-08

Does your data model have 'OPERATING_UNIT' field in some table. Also can anyone other than those two access the application. Does 87 and 93 values exit in your Data-model data? Also I dont think you need USERID.

Permalink · ‎2015-01-08

OPERATING_UNIT field exists and values 87,93 are valid operating unit values.

this is in testing so i am trying with two users for now. if i don't select strict exclusion both users can access the application, if i select strict exclusion it is asking for a user/pwd.

martinpohl · ‎2015-01-08

Did you activate "reduce data" under settings / document settings / on open?

Permalink · ‎2015-01-08

What happens when you remove UserID and enable both 'Initial data reduction based on Section Access' and 'Strict Exclusion'

Permalink · ‎2015-01-08

if i remove userid & enable strict exclusion, it worked.

But me as a developer if i close the application i cannot open it any more. I added userid in the section access so that developer can open the application if needed with a user/pwd.

Is there a way where developer can open the application (with/without a user/pwd) and end users should access the application with out entering a user/pwd.

thanks

Permalink · ‎2015-01-08

You can just add the Developers credentials as ADMIN like

SECTION Access;

LOAD * Inline [

ACCESS, NTNAME, OPERATING_UNIT

ADMIN, DOMAIN\Developer1, *

ADMIN, DOMAIN\Developer2, *

USER, DOMAIN\X1, 87

USER, DOMAIN\X2, 93

];

Section Application;

But there is a small catch here. When you use * the developers would be able to see only 87 and 93, because * only includes everything thats been mentioned in the list. If you have other values like 88,89 then you have to do something like

SECTION Access;

LOAD * Inline [

ACCESS, NTNAME, OPERATING_UNIT

ADMIN, DOMAIN\Developer1, *

ADMIN, DOMAIN\Developer1, 88

ADMIN, DOMAIN\Developer1, 89

ADMIN, DOMAIN\Developer2, *

USER, DOMAIN\X1, 87

USER, DOMAIN\X2, 93

];

Now Developer2 will see 87,88,89 and 93

Permalink · ‎2015-01-08

thank you ajay. I did similar changes to script and developer can open the application now..