Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
aguirre
Creator
Creator
‎2021-04-20 10:42 AM

Section Access:access denied if user in custom sql server UserDirectory

Hello,

I have a user directory with AD domain users and a user directory with users in a sql table.

The app includes following section access:

SECTION ACCESS;

secAccess:
LOAD * INLINE [
ACCESS,NTNAME
ADMIN,MYADDOMAIN\USER1
ADMIN,MYADDOMAIN\USER2
USER,SQLSERVERUSERDIRECTORY\USERSQL
];

I openthe app with a ticket and AD domain I have no problems.

When I try to access with the user in the SQLSERVERUSERDIRECTORY

I get a "Access Denied" message.

I see that USERSQL is among the users with SQLSERVERUSERDIRECTORY

I set a rule to allow the SQLSERVERUSERDIRECTORY to login (so I don't get the PASS not avialable message anymore)

 

Maybe I should try to write section access in a different way or what could I check?

 

EDIT: as I can't cancel this post I rewrite and repost this one as I see the problem  has nothing to do with Sql Server user Directory and I come up with wrong conclusions.

 

 

Labels (1)
Labels
563 Views
1 Solution

Accepted Solutions
aguirre
Creator
Creator
‎2021-04-21 10:39 AM
Author

In response to Nicole-Smith

sorry, for the misunderstanding. The one in red is indeed a user (so SQLSERVERUSERDIRECTORY, is the user directory and USERSQL is a user).

In the end my problem was that SQLSERVERUSERDIRECTORY wasn't authorized to read the stream in which the app was.

Thanks for your time

 

 

 

View solution in original post

492 Views
0 Likes
4 Replies
Nicole-Smith
MVP
MVP
‎2021-04-20 05:26 PM

I'm pretty sure you can't use a directory in section access and need to list all of the individual users.  

529 Views
aguirre
Creator
Creator
‎2021-04-21 03:43 AM
Author

In response to Nicole-Smith

Hello, 

I in my section access this user 

ADMIN,MYADDOMAIN\USER1

 works (and it has user directory):

if I change it to:

ADMIN,USER1

it doesn't work so I guess I need the user directory.

Or maybe you are referring to something else?

515 Views
0 Likes
Nicole-Smith
MVP
MVP
‎2021-04-21 10:34 AM

In response to aguirre

I will try to clear up my explanation. 

This is your section access:

SECTION ACCESS;

secAccess:
LOAD * INLINE [
ACCESS,NTNAME
ADMIN,MYADDOMAIN\USER1
ADMIN,MYADDOMAIN\USER2
USER,SQLSERVERUSERDIRECTORY\USERSQL
];

What it sounds like is the two in blue work, but the one in red doesn't (if I'm misunderstanding here, please let me know).  The reason the blue ones work is because those are actual user names.  It sounds like the one in red is a directory or user group, which is why that isn't working (each user name needs to be listed individually like the ones in blue).

495 Views
0 Likes
aguirre
Creator
Creator
‎2021-04-21 10:39 AM
Author

In response to Nicole-Smith

sorry, for the misunderstanding. The one in red is indeed a user (so SQLSERVERUSERDIRECTORY, is the user directory and USERSQL is a user).

In the end my problem was that SQLSERVERUSERDIRECTORY wasn't authorized to read the stream in which the app was.

Thanks for your time

 

 

 

493 Views
0 Likes