Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Help with Acces Section / Data Reduction

I'm trying to control acces and set data reduction as per windows user logged on using the following script:
ODBC
CONNECT TO AS400

Section Access;

SQL
SELECT
access,
userid,
password,
ntname,
acesstype
FROM absqvw.qvaccess;

Section Application;

SQL
SELECT
accesstype,
zona
FROM absqvw.zonasacc
The tables look like this:
ACCESSUSERIDPASSWORDNTNAMEACCESSTYPE
ADMINqvadminqvadmin
ADMINdelta\carlosALL
ADMINdelta\jmanuelALL
ADMINdelta\marcALL
USERdelta\amileALL
USERdelta\jordiALL
USERdelta\joseALL
USERdelta\jsantafeALL
USERdelta\qvbioBIO
USERdelta\qvcatCAT
USERdelta\qvespESP
USERdelta\qvexpEXP
USERdelta\qvmadMAD
USERdelta\qvmurMUR
USERdelta\qvsvqSVQ
USERdelta\qvvalVAL
USERdelta\raulALL
ACCESSTYPEZONA
ALL
BIO401
BIO402
BIO403
BIO404
CAT101
CAT102
CAT103
CAT106
CAT108
CAT109
CAT111
ESP101
ESP102
ESP103
ESP106
ESP108
ESP109

I would expect that any user loged in as per column NTNAME would be able to open the document (without entering any credentials) and be restricted to records with a given "ACCESSTYPE"

In case the loggin of the user is not found in NTNAME then QV should ask for a username and a password and I could use qvadmin qvadmin to access the document with no restrictions.
As said, this is what I would expect but unfortunately, the actual result is that I'm not even able to open the document.
What's wrong with me?
I think a lot of beginners (like me) would appreciate if some one could explain how to preceed in a case like that since the explanations in the reference manual are very poor.
1 Solution

Accepted Solutions
Miguel_Angel_Baeyens

Hello Carlos,

Again, anytime you open your session in your laptop, there are some NT credentials. Those may be either  DOMAIN\DomainUserName or COMPUTER\LocalUserName. If you section access has the field NTNAME your credentials will automatically checked with the ones in Section Access. Should they don't match, you will be denied access.

In other words, the following line should grant you access locally

ADMIN     QVADMIN     QVADMIN     *     *

Using the "*" under the NTNAME field.

Anyway, the most secure way to grant you access is get rid of USERID and PASSWORD fields and use all your NTNAMEs (both local and domain).

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

View solution in original post

7 Replies
Not applicable
Author

Hi Carlos,

I think u have to specify the restrictions in section application like if i want to restrict finace dept users except with id 23 and i want to allow all the marketing people then i'll use my script like this ...

section application;

select * inline from

userid,dept,pass

23,finance,allowme

*,marketing,allowus

from qvaccess.qvw

may be the script have some typo's but try in this i mean using specifications of restrictions to restrict using section appliaction like userid/ntname etc. may be it will work

thanks a lot

bradd

prieper
Master II
Master II

Have you tried the fieldnames in capitals?

Peter

Not applicable
Author

Oh yes. Capitals was one of the issues. I needed to adjust 3 things:

- Field names in capitals
- Also capitals for the user names in the external access table
- This external access table has fixed length fields so there are spaces after the user names which need to be removed (Rtrim).

Now the script is this:

Section Access;

SQL

SELECT
Rtrim(access) as ACCESS,
Rtrim(userid) as USERID,
Rtrim(password) as PASSWORD,
Rtrim(ntname) as NTNAME,
ACCESSTYPE
FROM absqvw.qvaccess;

Section Application;

SQL
SELECT
accesstype,
zona
FROM absqvw.zonasacc

and the access table looks like this:

ACCESS

USERID

PASSWORD

NTNAME

ACCESTYPE

ADMIN

DELTA\CARLOS

*

ADMIN

DELTA\JMANUEL

*

ADMIN

DELTA\MARC

*

ADMIN

QVADMIN

QVADMIN

*

USER

DELTA\AMILE

*

USER

DELTA\JORDI

*

USER

DELTA\JOSE

*

USER

DELTA\JSANTAFE

*

USER

DELTA\QVBIO

BIO

USER

DELTA\QVCAT

CAT

USER

DELTA\QVESP

ESP

USER

DELTA\QVEXP

EXP

USER

DELTA\QVMAD

MAD

USER

DELTA\QVMUR

MUR

USER

DELTA\QVSVQ

SVQ

USER

DELTA\QVVAL

VAL

USER

DELTA\RAUL

*

The only thing still not working is the access of the QVADMIN user. I would expect that in case the current windows user is not in the table (NTNAME), it would ask for a user and password but simply says "Access denied to this Qlik View document".


Anyone can figure out why the access of QVADMIN is not working?

Miguel_Angel_Baeyens

Hello,

The ADMIN access is always overridden when you access the document via client (either Desktop - Open in Server, Plugin or AJAX).

Do you have your IE browser configured to pass your current credentials to the server?

In any case, you need to create a NTNAME user for QVADMIN instead of USERID and PASSWORD, since if a NTNAME record exists in Section Access, they will be matched automatically, ignoring any other USERID and PASSWORD combinations.

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Not applicable
Author

Thank you for your reply Miguel Angel.

What I'm pretending is to be able to locally open this document, in any desktop (even out of our NT domain) with full authority using QVADMIN user and QVADMIN password (credentials asked for by Qlikview upon trying to open the document).

Regards,

Carlos

Miguel_Angel_Baeyens

Hello Carlos,

Again, anytime you open your session in your laptop, there are some NT credentials. Those may be either  DOMAIN\DomainUserName or COMPUTER\LocalUserName. If you section access has the field NTNAME your credentials will automatically checked with the ones in Section Access. Should they don't match, you will be denied access.

In other words, the following line should grant you access locally

ADMIN     QVADMIN     QVADMIN     *     *

Using the "*" under the NTNAME field.

Anyway, the most secure way to grant you access is get rid of USERID and PASSWORD fields and use all your NTNAMEs (both local and domain).

Hope that helps.

Miguel Angel Baeyens

BI Consultant

Comex Grupo Ibérica

Not applicable
Author

ok. This is absolutely clear to me now.

Thanks again for your help.