1 Reply Latest reply: Nov 19, 2015 7:01 PM by Greg Thomas RSS

    Section Access

    Greg Thomas

      Hi,

       

      I’m having trouble getting Qlik Sense to do even basic security, hopefully someone can help.

       

      I want to restrict users to viewing data for just their home cities in an app based on their AD group. However managers typically manage two cities and the general manager needs to see all cities.

       

      City

      AD group

      Manager

      General Manager

      B

      B_employees

      Kate

      Mark

      C

      C_employees

      Sam

      Mark

      D

      D_employees

      Kate

      Mark

      H

      H_employees

      John

      Mark

      M

      M_employees

      John

      Mark

      P

      P_employees

      John

      Mark

      S

      S_employees

      Sam

      Mark

       

      It works for one assignment but  if I try to use two assignments I either 'denied' or 'unknown error', e.g.

      SecurityTable1:

      Load * InLine [

      ACCESS, USERID, LINK1

        USER, DOMAIN\John, M

        USER, DOMAIN\John, H

      ...

        ADMIN, DOMAIN\Greg

        ADMIN, INTERNAL\sa_scheduler

        ];

       

      SecurityTable2:

      Load * InLine [

      ACCESS, GROUP, LINK2

        USER, P_employees, P

      ...

      //
      Section Application;

       

      SecLinkTable1:
      Load * InLine [
      LINK1, City
        P,  PCity

      ...

       

      They work individually but not in combination(s).

       

      Additionally, if I use the OMIT option I get ‘incomplete visualisation’ for the table/chart when I specify a dim, but nothing if I specify a defined dim from Master Items. Is this a bug?

       

       

        • Re: Section Access
          Greg Thomas

          With help from our Qlik guy Stephen, we resolved the issue.

          The key is using both USERID & GROUP in the same table with the alternate field populated with asterisk.

          Seems it is necessary to use the subfield() technique in 2.1, this generates a separate row for each code.

           


          //
          Section Access;

          set vAllCities = 'D,S,M,H,A,P,C,B';

          Authorisation:

          // Grant 'sa_scheduler' admin to enable data reload task
          load ACCESS ,USERID ,GROUP ,subfield(CITYCODE, ',') as CITYCODE
          inline
          [ACCESS,  USERID,  GROUP,  CITYCODE
          'ADMIN' ,'INTERNAL\sa_scheduler' ,'*' ,"$(vAllCities)"
              ];


          // Load user list from secure .xls
          LOAD
              "Access"    as ACCESS,
              "UserID"    as USERID,
              '*'                as GROUP,
              subfield("City Code", ',')   as CITYCODE
          FROM [lib://QSContent/App Access by user.xlsx]
          (ooxml, embedded labels, table is Sheet1);


          // default users to their home state
          CONCATENATE(Authorisation)
          LOAD *
          INLINE [
            ACCESS, USERID,  GROUP,   CITYCODE
            USER,  *,  D_employees, D
            USER,  *,  S_employees, S
            USER,  *,  B_employees, B
            USER,  *,  C_employees, C
            USER,  *,  A_employees, A
            USER,  *,  H_employees, H
            USER,  *,  M_employees, M
            USER,  *,  P_employees, P
            ];

          //
          Section Application;
          SecLinkTable:
          Load * InLine [
          City,  CITYCODE
            D,  D
            S,  S
            B, B
            C, C
            A, A
            H, H
            M, M
            P, P
            ];

           

           

          Hopefully this will be of help to other newbies.