Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Live today at 11 AM ET. Get your questions about Qlik Connect answered, or just listen in. SIGN UP NOW
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2010-06-16 11:55 AM

Default user in Section Access

Hi,

Is it possible to define a default user in Section access?

What I'm trying to accomplish is that a number of named users (NTNAME) should see a sheet that is hidden for everyone else without having to specify it for every NTNAME. So if a user isn't named in Section access he or she should get a default access level.

Thanks

🙂 Fredrik

5,373 Views
1 Solution

Accepted Solutions
Not applicable
‎2010-06-16 02:08 PM
Author

Fredrik,

If I understand you correctly, then everyone has access to the document and you just want to use section access to control exactly what they see?

I believe section access searches for a match 'top down' in terms of how the rows are presented to it and the first positive match terminates the search. I think by having a column, called for example 'SeeHidden' then those people you want to see it are defined with their true NTNAME and a value of 'Y' for the column. Anyone you dont want to see the hidden column you use '*' in every column (NTNAME for example) and a value of 'N' for 'SeeHidden'. Its important this row follows any specifically named users. The '*' does of course mean 'all' and needs to be declared in the script with

Star is *;

Hope this helps,

Gordon

View solution in original post

1,387 Views
0 Likes
23 Replies
Not applicable
‎2010-06-16 02:08 PM
Author

Fredrik,

If I understand you correctly, then everyone has access to the document and you just want to use section access to control exactly what they see?

I believe section access searches for a match 'top down' in terms of how the rows are presented to it and the first positive match terminates the search. I think by having a column, called for example 'SeeHidden' then those people you want to see it are defined with their true NTNAME and a value of 'Y' for the column. Anyone you dont want to see the hidden column you use '*' in every column (NTNAME for example) and a value of 'N' for 'SeeHidden'. Its important this row follows any specifically named users. The '*' does of course mean 'all' and needs to be declared in the script with

Star is *;

Hope this helps,

Gordon

1,388 Views
0 Likes
Not applicable
‎2010-06-17 05:05 AM
Author

In response to

Hello Gordon,

Thanks for your reply. I tried your solution but the '*' users sees everything.

Cheers

Fredrik

1,387 Views
0 Likes
Not applicable
‎2010-06-17 05:45 AM
Author

In response to

Fredrik,

Dont forget that 'section access' is used to automatically reduce the data the user can see, so we need to make the value in the column available in 'section application'. We can do this like so:

star is *;

SECTION Access;

[Access Control]:
LOAD NTNAME,
NTDOMAINSID,
SEEHIDDEN
FROM ...

SECTION Application;

[User detail]:
// Make user attributes visible
LOAD SEEHIDDEN
RESIDENT [Access Control];

Now you can use the SEEHIDDEN column to condition the 'show sheet' with

SEEHIDDEN = 'Y'

Regards,

Gordon

1,387 Views
Not applicable
‎2010-06-21 04:48 PM
Author

In response to

Hello Gordon,

Does this work for you? I tried it and I get the same result as before.

Cheers

Fredrik

1,387 Views
0 Likes
Not applicable
‎2010-06-21 07:38 PM
Author

In response to

is 'section access' turned on in the document properties> open?

I use this technique quite frequently.

Gordon

1,387 Views
0 Likes
Not applicable
‎2010-06-23 04:41 AM
Author

In response to

Hello Gordon,

Yes, 'section access' is turned on. The '*' user is prompted for username and pwd. The '*' user should be able to open the document as there were no section access.

Cheers

Fredrik

1,387 Views
0 Likes
Not applicable
‎2010-06-23 09:12 AM
Author

In response to

Hi again,

I tried it again and found a typo in the access table.. Now it works 🙂

Thanks for your help!

Fredrik

"If it doesn't work, try again!"

1,387 Views
0 Likes
Not applicable
‎2010-09-01 06:38 AM
Author

In response to

Hi,

I'm picking up this thread. I'm trying to achieve same thing as Fredrik, i.e. to give a default user more access than a named user by access rights defined in the section access. From what I can conclude from testing a bunch of cases, this is how it works:

1 - (If named user and default user (*) both are defined as ADMIN or both defined as USER: The user will gain the broadest access possible from the combination of the two access definitions.

2 - (If named user is defined as USER and default user (*) is defined as ADMIN: the user will gain the rights defined to default, i.e. the ADMIN rights overwite the USER rights.

Given that the named user is a USER, this basically means that if the default user in NOT ADMIN and if the default user is given access to a smaller data set, everything will work fine. However, if the default user is ADMIN or if the defined access is wider than for the named user (what I´m trying to achieve), it will not work. Does anyone have a good work-around to solve this problem?

Thanks,
David

1,387 Views
0 Likes
Not applicable
‎2010-09-01 07:05 AM
Author

In response to

Hi David,

As I mentioned before, I think the access rights are granted on a top down approach which terminates the search so if what you are seeing contradicts this then I am surprised.

I'm not quite sure what you are trying to achieve but I think its a bad idea for a default user to have ADMIN access. I would ensure that any access to an ADMIN enabled profile always had a definite authentication.

Regards,

Gordon

1,387 Views
0 Likes