Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Huiying
Partner - Creator III
Partner - Creator III

Is it possible to get reduced data from own account?

Hei,
We have an account from our own service. The account has the right to all data.
The account should be responsible to fetch data on behalf of our end users. Therefore, it needs to be able to query the relevant data according to the end user's security scope.
Is this possible?

Labels (2)
7 Replies
marksouzacosta

Hi @Huiying,

Looks like you need to implement Section Access with OMIT:
Managing data security with Section Access | Qlik Cloud Help

Read more at Data Voyagers - datavoyagers.net
Huiying
Partner - Creator III
Partner - Creator III
Author

Thank you @marksouzacosta for responding.
I suppose OMIT should be in the section access table, right? So we probably mimic only 1 user's section access.
But how can we dynamically mimic all end user's section access in the app for each user session?
Or did I get it wrong?

Or
MVP
MVP

I don't there's any way for an account to mimic another account, at least not in Enterprise. Why are you using an admin-level account to fetch information for users, rather than having users access the information directly?

Huiying
Partner - Creator III
Partner - Creator III
Author

Also, what is your view on this idea:
1. we let the end users get a user session.
2. our backend service opens a new session using the user's credential.
3. the backend service gets' user's selections and query data on behalf of the user.

marksouzacosta

OMIT is one of the features of Section Access, it hides columns from the users. But I think I get it wrong. You may not need it but Section Access should serve you well.

The thing is, you use an account that have access to everything, no restrictions. This will be the ADMIN account. This is the account that will Load your application with data.

Your data needs to have a field that links to the security scope of the users of the application. This will be the field that will restrict the data to the final app users.

It is possible to partially mimic how a user will see the application populated with his data. It is a complex explanation but long story short, you have to comment out the Section Access; and Section Application; statements of your application, load the application and when visualizing the sheets, select the USER.EMAIL that you are trying to simulate. This will give you an idea if the data restriction is working or not. Also check your application Data Model to see if the Section Access table is linking properly to your application Data.

Section Access is a very powerful and advanced feature. It may be hard to figure it out but is totally worth learning it.

Read more at Data Voyagers - datavoyagers.net
Or
MVP
MVP

This sounds like a security nightmare to me, but there's no reason it shouldn't work for testing. However, Qlik gets pretty unhappy when you try to open too many sessions with a single user, so I'm not sure how well it'll work as a large-scale solution.

marksouzacosta

For that scenario I may create an ODAG solution.

Read more at Data Voyagers - datavoyagers.net