We are investigating security options for qlik sense.
As a starting point, we are considering creating one AD group for all qlik sense users, and then in master data (sql database) defining which user has access to which stream/app. This would give us the flexibility to administer user access in master data ourselves rather than having to ask others to administer multiple AD groups.
We could therefore grant access to all streams to all users in the one AD group, and then use the master data in section access in order to restrict the various apps in the various streams to those users listed as having the appropriate access. Unfortunately, this approach means a user will still see apps he/she does not have access to and also streams where all apps he/she does not have access to. This could make for a very frustrating experience for users.
In qlik view the accesspoint used to suppress apps that section access excluded you from, but this appears to no longer be the case in qlik sense. Is this correct?
Is there any way to load from the master data additional attributes for the AD users that could govern which streams/apps they have access to? I have tried a few things but can only see ways to load separate users from sql ... not additional attributes for users created by another directory connector such as AD.