Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

Announcements
QlikView Fans! We’d love to hear from you.
Share your QlikView feedback with the product team… Click here to participate in our 5-minute survey.
Rules, plus terms and conditions, can be found here.
Not applicable

Section Access AD group

In qlikview can we configure a section access and provide row level security using AD groups rather than user names?

i want the process to more maintainable. i.e. no need for changes in qlikview side

e.g. provide an AD group for a business segment and multiple users under that AD Group can see only that business segment

NTNAME

ACCESS

BusinessSegmentCode

ORG\QlikVWSVC_Dev

ADMIN

*

ORG\BusinessSegment1

USER

0001

ORG\BusinessSegment2

USER

0002

4 Replies

Re: Section Access AD group

You can use groups and user names in the NTNAME field in a section access table. So if you'd rather use AD groups then use those instead of the user names.


talk is cheap, supply exceeds demand
Not applicable

Re: Section Access AD group

from what i have read userid column seems to be mandatory for row level security.

hence the query row level security can be maintained through just ad groups.

if you know any examples of documents detailing this it would be great

thanks

D

Re: Section Access AD group

The USERID & PASSWORD combo does about the same as the NTNAME field with these differences:

  • USERID & PASSWORD will force QlikView to take over authentication but only for this document. You will be presented with a login dialog whenever you try to open the document (AP or QV Desktop).
  • NTNAME relies on Windows entriely for doing the authentication. This must have been done before, otherwise you wouldn't have access to Windows resources. If you approach a QlikView AccessPoint from outside of a Windows domain, you will be presented with a login prompt by your browser as instructed by the Windows server that is running the web server (the authentication solutions are more diverse, but that's not important at the moment). This is usually called SSO because logging in once in a Windows network may give you access to various network resources without logging in again.

If you use these techniques together, you will have double security (Windows account AND local UserID) but the end-user of your document will grow tired of having to log in over and over again. So do not do this unless you have good reasons to do so. And Row level security is not one of those, as you can implement row-level security just the same with just NTNAME and SSO.

BTW where did you read that story about row level security?

Peter

Community Browser