Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
I could need some help. I’m testing Access Control. Therefore I have build a Qlikview Document named Allowance it has 5 sheets: Start, Information, Dashboard, Dimensions and Controle. I have a QVD, named AccessAllowance. I get this QVD from our DWH-manager.
The rules for the Access are:
At this moment:
I build in point 4 and 5 but I think at the wrong place.
I’m not so happy with the inline Marker-tables, but at the moment I think there is no other solution.
The IF-statements where REPORTINGALLOWANCEDEMENSION_PK is tested, doesn’t work at all, that’s why I comment them.
I hope some can help me with my access-problems. Perhaps I should ask for a new designed QVD. The QVD is build with the DWH rules as basis.
I have added my Document and QVD’s
Thanks in regards
Section access within qlik worked a bit different of that what do you described as wanted. An user is included within the section access or not and the user had valid dimension-values within the key-fields between the section access and section application part or not respectively the user is or isn't included with dimensions in the OMIT field.
To 1. - 3. you could use SSO - this meant the windows authentication from the OS goes through to the section access which needs only to include NTNAME (beside ACCESS and any key-fields or an OMIT field) without the need of a PASSWORD.
To 4. - 5. this couldn't be included within section access else you need to use these information within a where-clause to exclude those user which aren't active or which time-windows isn't valid anymore.
To 6. - 7. this is the classical section access part which needs to be implemented by the section access key-fields
To 8. This is mainly an additional part of usability and not mandatory a security part. This meant are the data itself not permitted it's harmless if they could access those sheets/objects and are the data not secured the access-control to sheets/objects won't be absolutely safe.
I suggest to take a look here: Section Access.
- Marcus
Hello Marcus,
Thank you for your Support.
Your answer brings new questions.
About 1/3: I will talk will the administrator about that (about rules etc.), Qadmin is already active without any problems
About 4/5: I never worked with a where-clause, perhaps you can me help with that if it is not to complicated
About 6/8: I watched the examples, I think the QVD I use is not correct because I have 1 column for all Dimensions and one for the Dimension-values. I think I need for every Dimension and its value one column. I have at the moment 4 dimensions, so I think I need 4 columns.
The reasons normal users are not allowed to see all sheets:
1 sheet will have a selection box for the markers/flags and some tables, normal users are not allowed to use that selection box
1 sheet will have some control tables and information for designers and developers
I don’t know if you watched my section access? When I compare my section access with the examples I saw, my section looks very different with all the marker tables and so
Perhaps you have a better solution there for me
Thanks in regards,
Court
I agree that your section access looked very different to those kinds which I use or which I have seen anywhere. I don't want say that your approach couldn't be implemented - I don't understand your markers/flag logic - but I'm sure that there are easier logics if you followed the examples from the link above. This meant to start with a simple example from the introduction and then to extend this step by step instead of the attempt to implement a role-logic 1: 1 from another tool.
To 4/5 - I meant the following:
load * from source
where InActive = 1 and
today() >= DIMENSIONVALUEVAILEDFROM and today <= DIMENSIONVALUEVAILEDTO
To 6/8 - yes you will need to transform (maybe per The Generic Load) your dimensions-field and the corresponding value-field into single columns whereby you here you need a certain logic respectively hierarchy between them to create a proper datamodel (no circular loops or synthetic keys). Further your access-restrictions mustn't be to exclude eachother - one denial and/or missing allowance will prevent the data-access - no further authorization will overwrite them again.
- Marcus
Hallo Marcus,
Thanks for your answer.
I just printed the document with generic load, I will try to transform my table using the example in that document
After that I try to transform my section stepby step.
Hope I'll manage that with no Problems, Keep you informed
Regards
Court