Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2012-11-23 06:59 AM

Control security without reload? Options?

Hi all,

Is there a way to control security in QV without a reload? (I'm looking for alternatives to heavy utilisation on NT permissions.)

I like the idea of the section access feature, but a downside is the need for a reload once a change has been made to the excel file as an example.

If I used section access to refer to an AD group, when the doc is reloaded does QV pull in all the users within that AD group, or does it just pull in the AD group name to use as a reference for controlling security; therefore I could add/remove users from the AD group and the changes would take effect without the need for a doc reload?

Are there any security add-ins or 3rd party tools to assist security?

Any other options or recommendations would be greatly received!

Many thanks!

696 Views
0 Likes
1 Solution

Accepted Solutions
Not applicable
‎2012-11-23 08:31 AM
Author

In response to

You will just need to return one row for each combination of AD group (in the NTNAME field) and any other data attributes on which you want to apply row level filtering. 

You just join these data fields from your section access table into your data model when you load the data in your standard load script (i.e. in the SECTION APPLICACTION script after your SECTION ACCESS script).

Fields are automatically linked in Qlikview by name, so if you were to load a table containing a field called AREA in your load script, the data would be filtered based on the contents of your section access table (i.e. in your sample section access table, members of AdminUsersGrp would see all areas, and members of UsersGrp would see AREA 1).  You won't see these links in the table viewer as the section access tables are not visible, but they will be applied assuming you have applied the appropriate document level settings.  

There are a lot of other considerations when using section access depending on your deployment (for example, you need to secure access to your QVW's, and or ensure that binary loads are prohibited).  I would strongly suggest reading all of the Section Access documentation in the Qlikview Reference Manual.  You should also back up your QVW's regularly when making changes to the security settings, as it is easy to accidentally lock yourself out if you get something wrong.

Regards,

Graeme

View solution in original post

370 Views
0 Likes
4 Replies
Not applicable
‎2012-11-23 07:05 AM
Author

If you use AD groups in Section Access, the new group members should be picked up without a reload of the document.

Regards,

Graeme

370 Views
Not applicable
‎2012-11-23 07:36 AM
Author

In response to

Brill, thats an option.

How would I then manage additional cols in section access, i.e.

ACCESS, NTNAME, AREA, OTHER

ADMIN, AdminUsersGrp, *,Y

USER, UsersGrp, 1,N

I might need to control the cols AREA & OTHER on an individual user basis? How does everyone cmbat this?

370 Views
0 Likes
Not applicable
‎2012-11-23 08:31 AM
Author

In response to

You will just need to return one row for each combination of AD group (in the NTNAME field) and any other data attributes on which you want to apply row level filtering. 

You just join these data fields from your section access table into your data model when you load the data in your standard load script (i.e. in the SECTION APPLICACTION script after your SECTION ACCESS script).

Fields are automatically linked in Qlikview by name, so if you were to load a table containing a field called AREA in your load script, the data would be filtered based on the contents of your section access table (i.e. in your sample section access table, members of AdminUsersGrp would see all areas, and members of UsersGrp would see AREA 1).  You won't see these links in the table viewer as the section access tables are not visible, but they will be applied assuming you have applied the appropriate document level settings.  

There are a lot of other considerations when using section access depending on your deployment (for example, you need to secure access to your QVW's, and or ensure that binary loads are prohibited).  I would strongly suggest reading all of the Section Access documentation in the Qlikview Reference Manual.  You should also back up your QVW's regularly when making changes to the security settings, as it is easy to accidentally lock yourself out if you get something wrong.

Regards,

Graeme

371 Views
0 Likes
Not applicable
‎2012-11-26 06:56 AM
Author

In response to

Brill, many thanks for your help!

370 Views
0 Likes