Qlik Community

QlikView Publisher

Discussion Board for collaboration on QlikView Publisher.


Not applicable

DMS Authorization: restrict on "region" based on LDAP field?

Hi all,

I have read all documentation regarding the server and authorization. But one thing remains unclear. How can you dynamically restrict what a user can see if you are using DSC (directory service) like LDAP or a custom authorization table (username, password, region)?

Question: is it just like section access, in the sense that if you have this "region" field both in the LDAP table and in your application data model, QlikView QVS will dynamically restrict access?

Or do you need to have a section access table in each QVW with columns (NT username, Region) in which you make the restriction? Can you also make use of groups?

Situation:

  - Single sign-on from the portal to QlikView apps; authentication is done via webtickets.
  - The dashboard needs to show only the data associated with the logged-in user from the portal (group/region data is stored in the portal authentication system).
  - Access to the reporting portal is needed by:
      - Customers from outside the company network (not in Active Directory)
      - Internal users (analysis)
      - Developers (maintenance)

Thank you very much


Accepted Solutions
Support
Support

Re: DMS Authorization: restrict on "region" based on LDAP field?

Here is a sample of section access based on a field in the document called Country. The Group column is only to tie things together.

Sam can see everything.

Steve can see Canada and France.

User1 and Batman can see USA.

    // Access table: one row per user; GROUP links to the table loaded below.
    Section Access;
    LOAD * INLINE [
        ACCESS, NTNAME, GROUP
        ADMIN, SAM, AGRP
        ADMIN, STEVE, CGRP
        ADMIN, USER1, BGRP
        ADMIN, Batman, BGRP
    ];

    Section Application;

    // From here on, * in a loaded field stands for all values of that field.
    star is *;

    // Link table: maps each GROUP to the Country values it may see.
    LOAD * INLINE [
        GROUP, Country
        AGRP, *
        BGRP, USA
        CGRP, Canada
        CGRP, France
    ];

Bill

Bill - Designated Support Engineer at Qlik
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
Not applicable

Re: DMS Authorization: restrict on "region" based on LDAP field?

Yeah, this seems to be the solution, but I am not very happy with it (this approach by QV). I hoped that you could have done it without specifying the usernames and "region restriction" in section access for each user.

  1. You can't directly couple the NT group (or some custom directory group) dynamically to a section application field? E.g. you can read NTNAME but not NTGROUP?
  2. In this solution you only use DMS for authentication... (not field value authorization)
Support
Support

Re: DMS Authorization: restrict on "region" based on LDAP field?

Martijn,

This will work with groups. Just use the group name under the tag of NTNAME.

Bill

Bill - Designated Support Engineer at Qlik
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
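The group-based variant described in the reply above, as an added example that is not part of the original thread: NTNAME holds group names instead of user names, and a REGION field ties each group to the rows it may see. The domain EXAMPLE, the group names, the REGION field and the sample rows are all assumptions made for illustration.

```qlikview
// Added example (not from the thread). Names and data are constructed.
Section Access;
LOAD * INLINE [
    ACCESS, NTNAME, REGION
    USER, EXAMPLE\QV_REGION_EMEA, EMEA
    USER, EXAMPLE\QV_REGION_APAC, APAC
    ADMIN, EXAMPLE\QV_DEVELOPERS, EMEA
    ADMIN, EXAMPLE\QV_DEVELOPERS, APAC
];

Section Application;

// Constructed sample data; Region is the field shown in the dashboard.
Sales:
LOAD * INLINE [
    Region, Customer, Amount
    Emea, Customer A, 100
    Emea, Customer B, 250
    Apac, Customer C, 175
];

// Section access values are converted to upper case, so the reduction
// field must be upper case in both name and values. This link table
// connects REGION (from Section Access) to Region (in the data model).
RegionLink:
LOAD DISTINCT
    Upper(Region) AS REGION,
    Region
RESIDENT Sales;

// The reduction only takes effect when "Initial Data Reduction Based on
// Section Access" is enabled under Document Properties > Opening.
```

The developers group gets one row per region rather than a `*`, so a newly added region stays hidden from everyone until a row is added for it.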
Not applicable

Re: DMS Authorization: restrict on "region" based on LDAP field?

Thank you very much