11 Replies Latest reply: Sep 29, 2010 9:05 AM by Miguel Angel Baeyens de Arce RSS

    Section Access using windows users and Network users

    Karen Smith

      I currently have an application that uses section access. User ids are related to a variable vCust. Depending on the user the objects will display data based on customer (vCust) associated to the user.

      Here is my script;


















      Section Access;
      LOAD * INLINE [

      ADMIN, admin, xxx, *

      USER, TSmith, abc, *,DIST1 ------This a local server user that will access via outside our LAN.

      USER, *, *,KSmith,DIST2 ----This is a domain user that will access inside our LAN
      Section Application;

      LOAD DISTINCT DIST_ID, Resident Security;


      We currently use Publisher. The application is scheduled in publisher to reload and distribute job.

      If I use the 'admin' user and reload via the server development client. Application seems to be okay, but from IE the applicaitons just hangs.

      What I don't understand is shoudl the network user connect to Access Point via Network profile and then log into the application. Should the network user be in the distribute list on the server? And, should the local user be in the distribute list on the server?

      How should section access work when combined with Publsher and local server users and network users. What all should be configured?


        • Section Access using windows users and Network users
          Miguel Angel Baeyens de Arce

          Hello Karen,

          You may use the QVUser() built-in function to get the user currently logged into the document to set which objects the user is able to see. Anyway, It's just a comment.

          Regarding your section access, when you use IE plugin, by default it sends your Windows login credentials to the AccessPoint and to the section access, if any, in the document. So there is no need for PASSWORD in those records, since QlikView server will compare the login information with Active Directory and allow or deny access accordingly.

          Bear in mind that when you open a document in the Desktop application, ADMIN and USER ACCESSes are respected. When you access through the server, all users have USER status, even when they have been explicitly declared otherwise in your script (so they won't be able to reload, access the script and so).

          Besides, when you use "*" in section access, it means "all values listed for this field in section access" and they accumulate, so DIST_ID field will have DIST1 and DIST2 for both TSmith and KSmith.

          Basically you are mixing user and password users with Active Directory users, and that's where QlikView doesn't know who prevails or even if they have some correspondence between them.

          If having a user and password to log into the documents is not a problem for your users, I would set all them up without NTNAME, with their correspondents USERID and PASSWORD field, moreover when you are accessing both from local and wide networks. At least, I'd try for testing with this. Once you have that working, you may concatenate another table with corresponding NTNAME records.

          Hope that helps.