Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing a new Enhanced File Management feature in Qlik Cloud! GET THE DETAILS!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2012-09-10 11:57 AM

Section Access - Match AD User Name and AD Group Name?

Is it possible to match both the AD user name and AD group name for a user when they login?

I am trying to achieve the following:

  • When someone in the Sales AD group logs in, they can see
    • All fields and records that are not sensitive
    • All fields and records available to the Sales AD Group
    • All field and records available to only that user
  • When someone NOT in the Sales AD group logs in, they can see
    • Only fields and records that are not sensitive

Example:

  1. Bob in sales logs in. He can see
    1. revenue (available to everyone),
    2. how all of the sales accounts are performing (only available to Sales group), and he can also see
    3. how he is performing versus his sales targets (only available to Bob)
  2. Sally in sales logs in. She can see
    1. revenue (available to everyone),
    2. how all of the sales accounts are performing (only available to Sales group), and she can also see
    3. how she is permorming versus her sales targets (only available to Sally).
  3. Jim in Operations logs in. He can only see
    1. revenue (available to everyone).

Is this possible? I've read the manual, but it isn't clear if QlikView can figure out both the individual and the group for a user and use that to drive the data reduction.

Any help is appreciated!

747 Views
0 Likes
1 Reply
sbaldwin
Partner - Creator III
Partner - Creator III
‎2012-09-11 07:32 AM

Hi, yes it is possable to assign the permissions based on both group and the username, all you need to do is load both into your section access table, the example below is for a user qv, and 2 groups called G1 and G2 the user qv is in both groups. and hence can see DATA_GROUP's 1,4 and 5.

The problem you will have through is that you must assign an ACCESS to the user and the groups and these MUST match, if they don't then the permissions derived from the USER link will be ignored. ie your ADMIN user(s) cannot be in the AD groups that your USER's are in!

Hope this helps

Steve


Section Access;
LOAD
ACCESS,
NTNAME,
'S-1-5-21-2795366118-2562490276-2243940551' as NTDOMAINSID,
DATA_GROUP

INLINE [
    ACCESS, NTNAME,DATA_GROUP
    ADMIN, WIN2003-L03VM\qv,1
    ADMIN, WIN2003-L03VM\G1,4
    ADMIN, WIN2003-L03VM\G2,5
];
Section Application;

264 Views
0 Likes