2 Replies Latest reply: Sep 27, 2016 4:44 PM by Todd Johnston RSS

    Security Rules - Active Directory Groups

    Todd Johnston

      Hello All,

       

      I am attempting to allow Data Export permissions based on Active Directory Groups within Qlik Sense.  I cant seem to determine how to focus on the '.Managers' Active Directory Group. I have tried 'user.groups' and 'user.userDirectory'.  Is there something other than .groups / userDirectory that pings the AD groups within Qlik Sense?

       

      (resource.HasPrivilege("read") and !user.IsAnonymous() and user.roles = "ContentAdmin") or user.userDirectory = ".Managers"

       

      Thank you in advance for any assistance.

       

      Todd

        • Re: Security Rules - Active Directory Groups
          Erik Venema

          Hi!

           

          Have you solved the issue already?

           

          I'm facing a similar problem. In my current project we have a huge AD. When i use the Active Directory connector, Sense automatically assigns a (reference) name to the  Connector. In this case 'EUROPE'. But i wish to distinguish between the different countries by setting up a connector with a filter for that country so that i can refer to a specific connector to set the rules.

          But when i create a connector for, let's say, the Netherlands where all the different departments\groups from the Netherlands are specified it still names the connector 'EUROPE'. I tried using the 'Genereric LDAP' connector and named it to 'Holland' but then there is no match with the users since they are a member of 'EUROPE' and 'Holland' is not known in the AD.

          Assigning rights to each individual group or user is not an option because there are just to many and the user base is to dynamic.