Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
YoussefBelloum
Champion
Champion

Section access resident load '*' values

Hi everybody,

Is there any restriction loading NTNAME or USERID fields having '*' values on the previous load in a Section Access table ?

Thank you

14 Replies
Anil_Babu_Samineni

Previous Load ?? As far i came across no..

Please add me Anil_Babu_Samineni to interact faster when reply back. Speak low think High.

Before develop something, think If placed (The Right information | To the right people | At the Right time | In the Right place | With the Right context)
PabloTrevisan
Partner - Creator II
Partner - Creator II

Let me see if I understand, you want to load the USERID field with a '*'? Usually the * is used for a USERID to have access to everything, and this is done like this:


Section Access;


LOAD * inline [

  ACCESS, USERID, REDUCTION

  ADMIN, DOMAIN\USER1, USER1

  USER,   DOMAIN\USER2, USER2

  USER,  INTERNAL\SA_SCHEDULER,,,*

];


Section Application;

Star is *;

REDUCT:

Load * InLine [

    REDUCTION, CONTRY

    USER1, *

    USER2, USA

   ];



I may not have understood your questioning.   =]


YoussefBelloum
Champion
Champion
Author

Yes previous load..

example:

SECURITY_TMP1:

LOAD ACCESS,

           NTNAME

FROM..

SECURITY_TMP2:

load ACCESS,

         '*' as USERID,

          NTNAME,

Resident  SECURITY_TMP1:


as soon as i Re-call the USERID with a resident (after I put the '*' on it), section access don't work anymore (and If I don't add some Administrators giving them a USERID Value and an * on the NTNAME) I loose the document..


the only way is when I I call the table with a resident, is to Create again that field ('*' as USERID).. so don't make sense to insert '*' values before the last load.


YoussefBelloum
Champion
Champion
Author

I work with both NTNAME and USERID fields because I'm using two server (on DEV and one PROD).

on the PROD I use NTNAME and Put '*' on the USERID

on the DEV I use USERID and put '*' on the NTNAME (to manually insert access and test the restrictions and verify that everything is working good on the section access)

Anil_Babu_Samineni

Did you understand how USERID calling here? and What is the diff between USERID and NTNAME

Please add me Anil_Babu_Samineni to interact faster when reply back. Speak low think High.

Before develop something, think If placed (The Right information | To the right people | At the Right time | In the Right place | With the Right context)
YoussefBelloum
Champion
Champion
Author

Yes, our customers values are on the NTNAME and on the USERID we use the network administrators accounts, so we use both

marcus_sommer

Why not just using two different section access statements and branching them with something like:

if ComputerName() = 'Prod' then

     SectionAccess1

else

     SectionAccess2

end if


- Marcus

YoussefBelloum
Champion
Champion
Author

That's exactly what I have now in front of me.. a variable using ComputerName().. it didn't work because I've tried:

If( not match(that_variable,'server1','server2')

put * on the NTNAME and use NTNAME as USERID (to be able to enter manually the creditentials)..

else

* as USERID, NTNAME

it didn't work because we have two PROD server, one dedicated to the publisher and one dedicated to the reload..

(but this is another problem..)

my question like you can read above, is that '*' values are not recognized anymore if load them using resident

YoussefBelloum
Champion
Champion
Author

here is the security I've implemented and managing today:

Section access;

// ADMIN_ACCESS (NO RESTIRICTION)

SECURITY:

LOAD ACCESS,

      NTNAME

FROM

// JOIN ALL THE BU, ALL THE G21 AND ALL THE G3 AND ALL THE SALES_MAN FOR ADMIN_ACCESS

left join

load distinct

BU,

'ALL_CUSTOMERS' as G21_SECURITY,

'ALL_CUSTOMERS' as G3_SECURITY,

'ALL_CUSTOMERS' as SALES_MAN_SECURITY

resident BusinessUnit;

// DIVISION_ACCESS (RESTRICTED BY BU)

concatenate (SECURITY)

load *,

'ALL_CUSTOMERS' as G21_SECURITY,

    'ALL_CUSTOMERS' as G3_SECURITY,

    'ALL_CUSTOMERS' as SALES_MAN_SECURITY

FROM

// G12_ACCESS (RESTRICTED BY BU, G21, G3,SALES_MAN)

TMP_KAM:

load 1 as Flag_anticoncatenate,

ACCESS,

upper(NTNAME) as NTNAME,

upper(BU) as BU,

upper(G21) as G21_SECURITY,

upper(G3) as G3_SECURITY,

upper(SALES_MAN) as SALES_MAN_SECURITY

FROM

// CONCATENATE G12_ACCESS TABLE ON THE SECURITY TABLE

concatenate (SECURITY)

load ACCESS,

NTNAME,

BU,

G21_SECURITY,

G3_SECURITY,

SALES_MAN_SECURITY

resident TMP_KAM;

// GIVE A USEDID (*) FOR ALL THE USERS AND CREATE THE SECURITY KEY

SECURITY_WINDOWS_TMP:

load ACCESS,

'*' as USERID,

NTNAME,

BU&'|'&G21_SECURITY&'|'&G3_SECURITY&'|'&SALES_MAN_SECURITY as KEY_SECURITY

resident SECURITY;

drop table SECURITY;

drop table TMP_KAM;

///////////////////////////////////////////// START SCRIPT CHECKING THE DEV AND PROD ENVIRONMENT TO SWITCH NTNAME AND USERID (ASKING FOR CREDITENTIALS ON LOCAL AND DEV) ///////////////////////////////////////

//IF ON LOCAL MACHINE OR DEV SERVER (ASK FOR CREDITENTIALS)

TRACE $(vComputerName);

IF NOT Match('$(vComputerName)','LOO9-S00QV1','LOO9-S00QV2') THEN

SECURITY_WINDOWS:

NoConcatenate

LOAD ACCESS,

'*' as NTNAME,

NTNAME as USERID,

KEY_SECURITY

Resident SECURITY_WINDOWS_TMP;

DROP Table SECURITY_WINDOWS_TMP;

// SERVER_ACCESS (BACKUP ACCESS AND NETWORK ADMINISTRATOR)

concatenate (SECURITY_WINDOWS)

load ACCESS,

USERID,

NTNAME,

KEY_SECURITY

FROM

//ELSE IF ON PRODUCTION SERVER MACHINE (APPLY NORMAL SECURITY)

ELSE

SECURITY_WINDOWS:

NoConcatenate

LOAD *

Resident SECURITY_WINDOWS_TMP;

DROP Table SECURITY_WINDOWS_TMP;

// SERVER_ACCESS (BACKUP ACCESS AND NETWORK ADMINISTRATOR)

concatenate (SECURITY_WINDOWS)

load ACCESS,

USERID,

NTNAME,

KEY_SECURITY

FROM

ENDIF

///////////////////////////////////////////// END SCRIPT CHECKING THE DEV AND PROD ENVIRONMENT TO SWITCH NTNAME AND USERID (ASKING FOR CREDITENTIALS ON LOCAL AND DEV) ///////////////////////////////////////

Section Application;

finally the test detecting the DEV and PROD is not working yet because it is not working with the ComputerName(), I will maybe try to detect the name of the harddrive on which the app is copied.

but the GREYED part is the part that present a problem for me, I removed the test, If I don't remove this part (and so loading a previously '*' values on USERID) the section access don't work anymore