4 Replies Latest reply: May 1, 2016 12:15 PM by Peter Cammaert RSS

    Section Access AD group

    Dilip R

      In qlikview can we configure a section access and provide row level security using AD groups rather than user names?

      i want the process to more maintainable. i.e. no need for changes in qlikview side

      e.g. provide an AD group for a business segment and multiple users under that AD Group can see only that business segment

       

      NTNAME

      ACCESS

      BusinessSegmentCode

      ORG\QlikVWSVC_Dev

      ADMIN

      *

      ORG\BusinessSegment1

      USER

      0001

      ORG\BusinessSegment2

      USER

      0002

        • Re: Section Access AD group
          Gysbert Wassenaar

          You can use groups and user names in the NTNAME field in a section access table. So if you'd rather use AD groups then use those instead of the user names.

            • Re: Section Access AD group
              Dilip R

              from what i have read userid column seems to be mandatory for row level security.

              hence the query row level security can be maintained through just ad groups.

              if you know any examples of documents detailing this it would be great

               

              thanks

              D

                • Re: Section Access AD group
                  Peter Cammaert

                  The USERID & PASSWORD combo does about the same as the NTNAME field with these differences:

                   

                  • USERID & PASSWORD will force QlikView to take over authentication but only for this document. You will be presented with a login dialog whenever you try to open the document (AP or QV Desktop).
                  • NTNAME relies on Windows entriely for doing the authentication. This must have been done before, otherwise you wouldn't have access to Windows resources. If you approach a QlikView AccessPoint from outside of a Windows domain, you will be presented with a login prompt by your browser as instructed by the Windows server that is running the web server (the authentication solutions are more diverse, but that's not important at the moment). This is usually called SSO because logging in once in a Windows network may give you access to various network resources without logging in again.

                   

                  If you use these techniques together, you will have double security (Windows account AND local UserID) but the end-user of your document will grow tired of having to log in over and over again. So do not do this unless you have good reasons to do so. And Row level security is not one of those, as you can implement row-level security just the same with just NTNAME and SSO.

                   

                  BTW where did you read that story about row level security?

                   

                  Peter