Hi Qlik Experts,
I am trying to build a section access entitlement logic in my application using NTNAME. Strict exclusion is already checked.
We maintain a file having a list of users along with their required privileges (e.g. who gets to see what Region).
The section access logic built to reduce the fact table is based on the Region a user is entitled to. This is done using NTNAME and USEREMAILID
Obviously, whenever any user who is not part of that user list tries to access the application, he/she gets a pop-up window:
"Failed to open the document you do not have access to the document"
Requirement:
We want such users to be able to at least open the home page of the application and not get the above pop up error.
To do this, I have appended a dummy fact row (Region = NOREGION) that matches with the authorization table on basis of USEREMAILID = NOEMAIL
ACCESS,NTNAME,USEREMAILID
ADMIN,JohnDoe@lg.com,JohnDoe@lg.com
ADMIN,qvdevID,*
ADMIN,*,NOEMAIL
Issue:
This works well for any user who is not part of the entitlement list. When they open the application, the NOEMAIL profile gets assigned and they can see the homepage but have no other access.
However, for users who are part of the entitlement list, now they get 2 profiles for themselves:
USEREMAILID
NOEMAIL
How can I reduce USEREMAILID to have only one value (i.e. JohnDoe@lg.com) when JohnDoe logs in?
"OnOpen" document trigger won't work I believe (esp. in Ajax client).
I am pretty sure this is a standard use case. I tried to look at the forum pages but could not find anything similar to my requirement.
Thanks
In case my explanation lacks some background... I am using * in the NTNAME, which satisfies both types of users (ones who are part of the entitlement list and the ones who are not). And this creates the issue of having 2 USEREMAILID profiles for a user who is part of the entitlement list. If I take out * from NTNAME, users not in the list will get the Failed to open the document .... message.
In QlikView, almost always there is more than one way of doing something, so I am wondering how to allow a user with no real data access to at least open the application home page screen (where he/she will be further directed to go to an internal company page).
Adding a dummy email row in the authorization table (USEREMAILID = NOEMAIL) as well as adding a dummy region in the fact table (Region = NOREGION) is what I am trying to do. But no luck so far.
I think you couldn't bypass the assigning of two profiles with this approach. Of course you could do further adjustments within your application to hide the data from the second profile with further conditions on the osuser() in the dimensions/expressions or the objects.
Instead of this I would use two applications - one is the real one and the second one without the data - and control their visibility within the access point per section access with this option:
- Marcus
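The two-profile behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model (not QlikView code) of section access row matching, run over the authorization table from the question. It assumes a `*` in NTNAME matches every user, a `*` in the reduction field stands for all values listed in that column, and all matching rows are combined; the function names are hypothetical.

```python
import csv
import io

# Authorization table as posted in the question.
ACCESS_TABLE = """ACCESS,NTNAME,USEREMAILID
ADMIN,JohnDoe@lg.com,JohnDoe@lg.com
ADMIN,qvdevID,*
ADMIN,*,NOEMAIL
"""

def load_rows(text):
    """Parse the inline authorization table into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def effective_values(rows, ntname):
    """Union of USEREMAILID values over every row whose NTNAME matches the user."""
    # Assumption: '*' in the reduction column means "all values listed in it".
    listed = {r["USEREMAILID"] for r in rows if r["USEREMAILID"] != "*"}
    values = set()
    for r in rows:
        if r["NTNAME"] == "*" or r["NTNAME"].casefold() == ntname.casefold():
            values |= listed if r["USEREMAILID"] == "*" else {r["USEREMAILID"]}
    return values

def widened_users(rows):
    """Named users who pick up extra values because a wildcard NTNAME row matches them too."""
    named_only = [r for r in rows if r["NTNAME"] != "*"]
    report = {}
    for r in named_only:
        name = r["NTNAME"]
        extra = effective_values(rows, name) - effective_values(named_only, name)
        if extra:
            report[name] = extra
    return report

ROWS = load_rows(ACCESS_TABLE)

if __name__ == "__main__":
    # "SomeoneElse" is a constructed user name that is not in the table.
    for user in ("SomeoneElse", "JohnDoe@lg.com", "qvdevID"):
        print(user, "->", sorted(effective_values(ROWS, user)))
    print("widened by wildcard row:", widened_users(ROWS))
```

Running the same check over a real authorization file before reload shows which listed users would pick up the dummy profile in addition to their own.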