Sercurity - Qlik Community

Report Inappropriate Content · ‎2015-02-12

Hi

I have a model which I need certain Users to only see specific data.

In the data I have a field called LoS which I want to use to configure my sercurity.

LoS values : Secttion 1

Section 2

Section 3

Section 4

I want certain User to only see Section 3 data in the LoS field

How can I do this?

Colin-Albert · ‎2015-02-12

You need to implement Section Access.

Introduction to Section Access

Peter_Cammaert · ‎2015-02-12

Add this to the front of your load script. First, make a backup of your document without section access. Just to be safe.

Section Access;

LOAD * INLINE [

ACCESS, USERID, PASSWORD, LOSLINK

USER, USER1, USER1, SECTION3

];

Section Application;

SALink:

LOAD * INLINE [

LOSLINK, LoS

SECTION3, Section 3

];

:

Then in Settings->Document Properties->Opening, enable "Initial Data Reduction based on Section Access" and "Strict Exclusion". Reload, save and reopen.

Again, make sure you have a backup copy of your document if you start experimenting with Section Access.

Good luck,

Peter

Report Inappropriate Content · ‎2015-02-12

Hi Peter

I tried to apply your solution but have been locking myself out...luckily I've been creating back ups

.

Here is the currently implemented sercurity. It is using a SQL table to store Users details. Ho can I add your logic to this sercurity? I want ADMIN to see everything and USER to only see "Section 3" in the LOS field

section access;

LOAD * INLINE [
     ACCESS, NTDOMAINSID, USERID, PASSWORD,USERNAME, SERIAL, NTNAME, USERKEY, SECUREOFFICE, OMIT
     ADMIN, *, TSFORLIFE, TS23, TSFORLIFE, *, *,DEIXIS,*,
     ADMIN, *, TSFORLIFE, TS23, TSFORLIFE, *, *,DEIXIS,ALL,
     ADMIN,S-1-5-21-220523388-1326574676-725345543,*,*,*,*,za-server$,*,*,
     ADMIN,S-1-5-21-220523388-1326574676-725345543,*,*,*,*,za-server,*,*,
];

//NT AUTHENTICATION
LOAD
//IF(TYPE='QVE','ADMIN','USER') AS ACCESS,
upper([TYPE]) AS [ACCESS],
'S-1-5-21-220523388-1326574676-725345543' as NTDOMAINSID,
'*' AS USERID,
'*' AS PASSWORD,
upper(USERID) AS USERNAME,
'*' AS SERIAL,
upper(USERID) AS NTNAME,
upper(USERID) AS USERKEY,
UPPER([SEC_GROUP]) AS SECUREOFFICE,
OMIT;
SQL SELECT
USERID,
     "SEC_GROUP",
     "PASSWORD",
     "TYPE",
     "QV_NOT_SHEETS",
     OMIT,
     MODEL,
     COMMENTS
FROM QLIKVIEW.LVE."SECURITY_QLVADMIN"
WHERE MODEL = '$(vModel)';

section application;
star is ;

Peter_Cammaert · ‎2015-02-12

Two questions:

Do you really need all those different authentication types & fields? On average, in an enterprise environment, NTNAME will do (fill it with domainname\accountname combinations).
Is this just an access table, or do you reduce already according to the security ID? To put it differently, does any of the fields USERNAME, USERKEY or SECUREOFFICE link through to the data model of your document? If yes, you'll have to create a composite key.

Don't forget that the Role = ADMIN does not exist in the AccessPoint. Overthere, everyone is treated as an ordinary USER.

Peter

Report Inappropriate Content · ‎2015-02-12

This Section Access script was done by another developer so I'm much clued here.

What I do know is the model owner wants the data automatically reduced for all USER access and yes there is a field on the table SECUREOFFICE linked through to the data model