Qlik Community

QlikView Publisher

Discussion Board for collaboration on QlikView Publisher.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
karensmith
New Contributor

Section Access using windows users and Network users

I currently have an application that uses section access. User ids are related to a variable vCust. Depending on the user the objects will display data based on customer (vCust) associated to the user.

Here is my script;



Section Access;
Security:
LOAD * INLINE [
ACCESS, USERID, PASSWORD, NTNAME, DIST_ID

ADMIN, admin, xxx, *

USER, TSmith, abc, *,DIST1 ------This a local server user that will access via outside our LAN.

USER, *, *,KSmith,DIST2 ----This is a domain user that will access inside our LAN
];
Section Application;

LOAD DISTINCT DIST_ID, Resident Security;

We currently use Publisher. The application is scheduled in publisher to reload and distribute job.

If I use the 'admin' user and reload via the server development client. Application seems to be okay, but from IE the applicaitons just hangs.

What I don't understand is shoudl the network user connect to Access Point via Network profile and then log into the application. Should the network user be in the distribute list on the server? And, should the local user be in the distribute list on the server?

How should section access work when combined with Publsher and local server users and network users. What all should be configured?



11 Replies

Section Access using windows users and Network users

Hello Karen,

You may use the QVUser() built-in function to get the user currently logged into the document to set which objects the user is able to see. Anyway, It's just a comment.

Regarding your section access, when you use IE plugin, by default it sends your Windows login credentials to the AccessPoint and to the section access, if any, in the document. So there is no need for PASSWORD in those records, since QlikView server will compare the login information with Active Directory and allow or deny access accordingly.

Bear in mind that when you open a document in the Desktop application, ADMIN and USER ACCESSes are respected. When you access through the server, all users have USER status, even when they have been explicitly declared otherwise in your script (so they won't be able to reload, access the script and so).

Besides, when you use "*" in section access, it means "all values listed for this field in section access" and they accumulate, so DIST_ID field will have DIST1 and DIST2 for both TSmith and KSmith.

Basically you are mixing user and password users with Active Directory users, and that's where QlikView doesn't know who prevails or even if they have some correspondence between them.

If having a user and password to log into the documents is not a problem for your users, I would set all them up without NTNAME, with their correspondents USERID and PASSWORD field, moreover when you are accessing both from local and wide networks. At least, I'd try for testing with this. Once you have that working, you may concatenate another table with corresponding NTNAME records.

Hope that helps.

karensmith
New Contributor

Section Access using windows users and Network users

Miquel,

Thank you for your response. I understand a little better now. If you don't mind I still have one more question. This the only application at the moment that will have the security variation. So, if I set every user up in the script with a user id and password, will I still need to give access from the 'distribute' tab on the server?

thank you in advance

Section Access using windows users and Network users

Hi Karen,

I'd suggest you to do so, until you have all your security requirements accomplished and you can use the "*" meaning "all users". It will take some time but it will help you to check how are your users working and reducing data.

Regards.

karensmith
New Contributor

Section Access using windows users and Network users

thanks again Miquel.

Still having issues.

I have taken NTNAME out of the script. I have added domain users in the distribute list in QEMC.

Applicaiton shows up in my accesspoint view from IE. It then prompts me to login into application. I user a application user name and password, but DIST_ID is not assigned to that USERID.

But from my client on my PC. DIST_ID is assigned correctly to that same USERID.

Should I take out distribute configuration in QEMC?

Section Access using windows users and Network users

Hi Karen,

May I know a little further about your current configuration? I'm sorry but I don't understand your "distribute configuration" and why your section access is not returning the right value for DIST_ID.

Regards.

karensmith
New Contributor

Section Access using windows users and Network users



DIST_ID is assigned to specific USERID. (which is defined in Section access of the script)

The frontend objects use the variable vDist in many calculations.

This actually works when using the application from QV Client, but not IE or AJAX.

I am using Section Access for user variable vDist= DIST_ID.



Section Access using windows users and Network users

Hello Karen,

Are you using some kind of macro to populate that variable? That may make your document work opened in Desktop but not in server, since some macros (actions, triggers) will not work serverside.

Regards.

karensmith
New Contributor

Section Access using windows users and Network users

Not populate the variable, but I was using one to choose a Year value and calendar type. I have tested removing all macros and the result is the same.

The varialbe is populated from the section access



Section Access;
Security:
LOAD * INLINE [
ACCESS, USERID, PASSWORD, DIST_ID, LOGO
//ADMIN, MENA\QlikAdmin, *,*
ADMIN,admin, xxxx

USER,KElzey,aaaa,AVNET, avnet.jpg
USER,KSmith,bbbb,ARROW, murata.jpg

];


Section Application;

LOAD DISTINCT DIST_ID, LOGO Resident Security;



Section Access using windows users and Network users

I see Karen,

You are populating your table from Section Access table, which is whay it's not working. Section Access tables are loaded in a different way so you cannot access them (for the sake of the security).

Just do a normal or inline load instead of using the RESIDENT.

Hope that helps!

Community Browser