Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-04-27 10:35 AM

Section Access AD group

In qlikview can we configure a section access and provide row level security using AD groups rather than user names?

i want the process to more maintainable. i.e. no need for changes in qlikview side

e.g. provide an AD group for a business segment and multiple users under that AD Group can see only that business segment

NTNAME

ACCESS

BusinessSegmentCode

ORG\QlikVWSVC_Dev

ADMIN

*

ORG\BusinessSegment1

USER

0001

ORG\BusinessSegment2

USER

0002

6,527 Views
0 Likes
4 Replies
Gysbert_Wassenaar
MVP
MVP
‎2016-04-27 12:09 PM

You can use groups and user names in the NTNAME field in a section access table. So if you'd rather use AD groups then use those instead of the user names.


talk is cheap, supply exceeds demand
4,308 Views
0 Likes
Not applicable
‎2016-04-27 01:20 PM
Author

In response to Gysbert_Wassenaar

from what i have read userid column seems to be mandatory for row level security.

hence the query row level security can be maintained through just ad groups.

if you know any examples of documents detailing this it would be great

thanks

D

4,308 Views
0 Likes
Peter_Cammaert
Partner - Champion III
Partner - Champion III
‎2016-05-01 12:15 PM

In response to

The USERID & PASSWORD combo does about the same as the NTNAME field with these differences:

  • USERID & PASSWORD will force QlikView to take over authentication but only for this document. You will be presented with a login dialog whenever you try to open the document (AP or QV Desktop).
  • NTNAME relies on Windows entriely for doing the authentication. This must have been done before, otherwise you wouldn't have access to Windows resources. If you approach a QlikView AccessPoint from outside of a Windows domain, you will be presented with a login prompt by your browser as instructed by the Windows server that is running the web server (the authentication solutions are more diverse, but that's not important at the moment). This is usually called SSO because logging in once in a Windows network may give you access to various network resources without logging in again.

If you use these techniques together, you will have double security (Windows account AND local UserID) but the end-user of your document will grow tired of having to log in over and over again. So do not do this unless you have good reasons to do so. And Row level security is not one of those, as you can implement row-level security just the same with just NTNAME and SSO.

BTW where did you read that story about row level security?

Peter

4,308 Views
0 Likes