Qlik Community

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

Announcements
QlikWorld 2022, LIVE in Denver CO., May 16-19, 2022. REGISTER NOW TO RECEIVE EARLY BIRD PRICING
cancel
Showing results for 
Search instead for 
Did you mean: 
simon20
Partner
Partner

Use section access to limit a subset of user's permissions?

I have an app that should have the following security rule:

  • If USERID is in table X, they should have ACCESS = USER, and a reduction in what data they see
  • Else, the USERID should see all

I have tried to implement this by doing the following:

Section Access;

// People with limited access, setting their reduction to the fields in the table
AccessTable:
LOAD * FROM [LimitedAccessTable];

// Adding admin access to all other users in user group
Concatenate(AccessTable)
LOAD * INLINE [
ACCESS,USERID,GROUP,REDUCTION
ADMIN,INTERNAL\SA_SCHEDULER,*,*
ADMIN,*,USERGROUP,*
];

The problem here is that users in the first table also get admin access through the second table load. I have tried to limit the second load by using statements like "WHERE NOT EXISTS(USERID)" and adding a third section:
INNER JOIN(AccessTable)
LOAD 
USERID,
MaxString(ACCESS) AS ACCESS
RESIDENT AccessTable
GROUP BY USERID;

None of these work. I think the issue is that the '*' value is not converted to actual user info until after the data load.

Anyone have any idea on how to work around this?

0 Replies