Solved: Re: Section Access - without User ID and Password - Qlik Community

Permalink · ‎2016-02-02

Good Morning Qlik Community -

I'm new to the Section Access topic and trying to determine if it's possible to use Section Access without having my users enter a User ID and password. My users access my qvw via an internal site.

I've done my research and keep coming back to the same posts but can't seem to find this answer. Would also love an example of how to script this....

Thanks in advance

Peter_Cammaert · ‎2016-02-04

There are various mechanisms at your disposal. If you aren't using a QlikView server (not clear from your OP), then you can simply use NTFS rights to permit/block users accessing your document. However as soon as anyone with access makes a copy of your document, all security measures are lost.

To apply a security system that travels with the document, you can choose from two basic techniques:

Use SA field NTNAME: Comes down to automatic authorization using AD credentials. Everyone has to log in to Windows these days. So you will be able to identify anyone trying to open your document (Desktop or QlikView Server) and grant a specific group or list of users access to your document. Added bonus: this technique comes with SSO (Single-SignOn) which means: Once identified, always identified. If you're good to enter, no questions will be asked.
BTW this is the only secure way of implementing access control without asking for credentials (see your OP)
Use SA field USERID: every visitor to your document will be asked for a User name. If a User ID is entered that matches an SA entry (possibly by accident), access will be granted. If you want to avoid this situation (people obtaining access by accident), you'll have to use either a secret password in combination with a UserID, or you'll have to switch over to using NTNAME.

My first question should have been: what exactly do you want to secure?

Do you want to reduce the group of users that can open your document, no questions asked? Use NTNAME
Do you want to reduce the group of users that can open your document but you cannot use AD authentication? sorry, you'll have to use USERID & PASSWORD. Otherwise you'll have bad security (= no security)
Do you want to reduce the permissions people have when they open your document (but everyone can get in)? Use Sunny's technique (the one with ACCESS=USER, which is the default in QlikView server anyway)
Do you want to secure nothing, but you really want to include SA in your document? Use Sunny's trick with ACCESS=ADMIN. That's the default when opening a document in QV Desktop, so you won't notice any difference.
Do you want to use data reduction? Not sensible without some kind of user identification. Select any of the two technqies at the top, and provide a list of acceptable users with their allowed link field values in your SA table.
Note: having identical data reduction for every person in the world boils down to having a document with too many records loaded. Better solve that one in your regular script.

Best,

Peter

View solution in original post

Gysbert_Wassenaar · ‎2016-02-02

Yes, that's possible. See Re: How to use Windows Password in Section Access?

talk is cheap, supply exceeds demand

sunny_talwar · ‎2016-02-02

Try this section access and it will not prompt you for password:

Section Access;

LOAD * INLINE [

ACCESS, PASSWORD

USER,

];

Section Application;

The application will always open as USER application.

Now to go back to having it as a ADMIN, you can add the Section Access as a Include Statement and you can have another text file on your computer which has this Section Access:

Section Access;

LOAD * INLINE [

ACCESS, PASSWORD

ADMIN,

];

Section Application;

Reload the application with this new Section Access and you will get Admin Privileges back without using any password.

dgreenberg · ‎2016-02-02

Michael,

I understand your post correctly you don't want the users to have to enter a userid and password so why do you want to use Section Access at all?

Permalink · ‎2016-02-03

Hi Dan - I do want to use Section Access but don't want them to enter a password. Our solution is set up that only authorized users are able to access so no need for them to have/enter/maintain another password.

@ Gysbert and Sunny - thanks for your info...I'll take a look a it.

-Michael

marcus_sommer · ‎2016-02-04

More informations could you find here: Section Access and even this might be interesting: Section Access.

- Marcus

dgreenberg · ‎2016-02-04

If you are using NTNAME then it would pass through their credentials from the domain and it won't prompt them for a password.

Mark_Little · ‎2016-02-04

Hi,

As suggested read the linked information for the other members.

But you will want to focus on using the NTAME when building your section access.

This checked against your logon in the form of DOMAIN\USER.

Mark

Peter_Cammaert · ‎2016-02-04

There are various mechanisms at your disposal. If you aren't using a QlikView server (not clear from your OP), then you can simply use NTFS rights to permit/block users accessing your document. However as soon as anyone with access makes a copy of your document, all security measures are lost.

To apply a security system that travels with the document, you can choose from two basic techniques:

Use SA field NTNAME: Comes down to automatic authorization using AD credentials. Everyone has to log in to Windows these days. So you will be able to identify anyone trying to open your document (Desktop or QlikView Server) and grant a specific group or list of users access to your document. Added bonus: this technique comes with SSO (Single-SignOn) which means: Once identified, always identified. If you're good to enter, no questions will be asked.
BTW this is the only secure way of implementing access control without asking for credentials (see your OP)
Use SA field USERID: every visitor to your document will be asked for a User name. If a User ID is entered that matches an SA entry (possibly by accident), access will be granted. If you want to avoid this situation (people obtaining access by accident), you'll have to use either a secret password in combination with a UserID, or you'll have to switch over to using NTNAME.

My first question should have been: what exactly do you want to secure?

Do you want to reduce the group of users that can open your document, no questions asked? Use NTNAME
Do you want to reduce the group of users that can open your document but you cannot use AD authentication? sorry, you'll have to use USERID & PASSWORD. Otherwise you'll have bad security (= no security)
Do you want to reduce the permissions people have when they open your document (but everyone can get in)? Use Sunny's technique (the one with ACCESS=USER, which is the default in QlikView server anyway)
Do you want to secure nothing, but you really want to include SA in your document? Use Sunny's trick with ACCESS=ADMIN. That's the default when opening a document in QV Desktop, so you won't notice any difference.
Do you want to use data reduction? Not sensible without some kind of user identification. Select any of the two technqies at the top, and provide a list of acceptable users with their allowed link field values in your SA table.
Note: having identical data reduction for every person in the world boils down to having a document with too many records loaded. Better solve that one in your regular script.

Best,

Peter

Permalink · ‎2016-02-05

Thanks Peter!