Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi all,
Is there a way to control security in QV without a reload? (I'm looking for alternatives to heavy utilisation on NT permissions.)
I like the idea of the section access feature, but a downside is the need for a reload once a change has been made to the excel file as an example.
If I used section access to refer to an AD group, when the doc is reloaded does QV pull in all the users within that AD group, or does it just pull in the AD group name to use as a reference for controlling security; therefore I could add/remove users from the AD group and the changes would take effect without the need for a doc reload?
Are there any security add-ins or 3rd party tools to assist security?
Any other options or recommendations would be greatly received!
Many thanks!
You will just need to return one row for each combination of AD group (in the NTNAME field) and any other data attributes on which you want to apply row level filtering.
You just join these data fields from your section access table into your data model when you load the data in your standard load script (i.e. in the SECTION APPLICACTION script after your SECTION ACCESS script).
Fields are automatically linked in Qlikview by name, so if you were to load a table containing a field called AREA in your load script, the data would be filtered based on the contents of your section access table (i.e. in your sample section access table, members of AdminUsersGrp would see all areas, and members of UsersGrp would see AREA 1). You won't see these links in the table viewer as the section access tables are not visible, but they will be applied assuming you have applied the appropriate document level settings.
There are a lot of other considerations when using section access depending on your deployment (for example, you need to secure access to your QVW's, and or ensure that binary loads are prohibited). I would strongly suggest reading all of the Section Access documentation in the Qlikview Reference Manual. You should also back up your QVW's regularly when making changes to the security settings, as it is easy to accidentally lock yourself out if you get something wrong.
Regards,
Graeme
If you use AD groups in Section Access, the new group members should be picked up without a reload of the document.
Regards,
Graeme
Brill, thats an option.
How would I then manage additional cols in section access, i.e.
ACCESS, NTNAME, AREA, OTHER
ADMIN, AdminUsersGrp, *,Y
USER, UsersGrp, 1,N
I might need to control the cols AREA & OTHER on an individual user basis? How does everyone cmbat this?
You will just need to return one row for each combination of AD group (in the NTNAME field) and any other data attributes on which you want to apply row level filtering.
You just join these data fields from your section access table into your data model when you load the data in your standard load script (i.e. in the SECTION APPLICACTION script after your SECTION ACCESS script).
Fields are automatically linked in Qlikview by name, so if you were to load a table containing a field called AREA in your load script, the data would be filtered based on the contents of your section access table (i.e. in your sample section access table, members of AdminUsersGrp would see all areas, and members of UsersGrp would see AREA 1). You won't see these links in the table viewer as the section access tables are not visible, but they will be applied assuming you have applied the appropriate document level settings.
There are a lot of other considerations when using section access depending on your deployment (for example, you need to secure access to your QVW's, and or ensure that binary loads are prohibited). I would strongly suggest reading all of the Section Access documentation in the Qlikview Reference Manual. You should also back up your QVW's regularly when making changes to the security settings, as it is easy to accidentally lock yourself out if you get something wrong.
Regards,
Graeme
Brill, many thanks for your help!