Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Alex
Contributor II
Contributor II
‎2018-12-03 08:22 AM

section access - * values

Hi all,

The idea is to have two different User-Level Access values (ACCESS_A and FULL ACCESS). People with ACCESS_A will have access to one ore more ACCOUNTS while those with FULL ACCESS will be able to see all accounts.

As an admin, I'm trying with qlikview desktop in my local pc and it works perfectly. If I have full access, I can see all data but If I change to ACCESS_A I only see some specific accounts.
The problem comes when I publish the document to INTEGRATION where it works with ACCESS_A but for full access raises the following error: "Access denied. You're not able to open the document 19"

My config and code below:

settings > document properties > opening > initial data reduction based on section access and strict exclusion (both checked)

SECURITY:
LOAD * INLINE [
ACCCESS,NTNAME,User-Level Access,Account_Key
USER,AUTH\USER_1,ACCESS_A,ACCOUNT_A
USER,AUTH\USER_2,*,*
USER,AUTH\USER_3,ACCESS_A,ACCOUNT_B
];

Concatenate
LOAD * INLINE [
ACCCESS,NTNAME,User-Level Access,Account_Key
ADMIN,AUTH\SERVICE_ACCOUNT_INTEGRATION,*,*
ADMIN,AUTH\SERVICE_ACCOUNT_PRODUCTION,*,*
ADMIN,AUTH\ADMIN,*,*
];

//Section Access
section access;

LOAD *
RESIDENT SECURITY;

section Application;

Any idea?

Thanks for your support!

2,394 Views
0 Likes
12 Replies
Alex
Contributor II
Contributor II
‎2018-12-04 05:02 AM
Author

In response to albert_guito
Hi Albert,

Still doesnt' work with blank space.

If I set my user with access = "USER" instead of "ADMIN" and ACCOUNT_KEY = "*" instead of some specific accounts, I can't access to Qlikview (access denied). Find attached the security.qvd format.

Btw, USER-LEVEL ACCESS is just to hide/show some buttons in the main pane.


The section access code:

section access;

LOAD ACCESS,
NTNAME,
ACCOUNT_KEY
FROM
[..\..\Data\Delivery_Hours_Dashboard\Security.qvd]
(qvd);

section Application;

OLEDB CONNECT TO XXX;

SQL SELECT distinct R.regionalID as ACCOUNT_KEY,
R.regionalName as 'Account Name'
FROM Regional R;
423 Views
0 Likes
albert_guito
Creator II
Creator II
‎2018-12-04 10:00 AM

In response to Alex

Ummm ... you have to be carefull with the order of reloads when uses seccion access.

You allways have to do it within an ADMIN user without reductions.

Did you run the sample I attached?

Albert

Ag+
409 Views
0 Likes
Alex
Contributor II
Contributor II
‎2018-12-04 06:26 PM
Author

In response to albert_guito

After doing some changes it works in local as expected.

However, once I move to the Content development environment and the server runs the .qvw I can't open it from the access point (failed to open, again).

The point is that if I download the reloaded .qvw to my desktop, I'm able to open it and the security is applied as expected.

I only add one line in the security.qvd with my AUTH NTNAME and USER = "ADMIN". I have also added the service accounts for both servers.

What's the problem in the server then?

400 Views
0 Likes