9 Replies Latest reply: Jan 24, 2012 8:45 AM by dario fiorini RSS

    security and privileges

    Ali Hijazi

      Hello I got a qlikview document in which I want to create security privileges

      well I have 2 tables:

      Companies

      Countries

       

      I have four groups:

      Admins

      SYR-Admins

      Finanace

       

      users in the Admins groups are allowed to see everything

      users in Syr-Admins are allowed to see data related to specific countries

      users in the Finanace group are allowed to see data related to specific company

       

      can someone help me how to create this system of security using section access in the script?

        • security and privileges
          Miguel Angel Baeyens de Arce

          Hi,

           

          Are companies within countries or are both tables not associated?

           

          Miguel Angel Baeyens

          BI Consultant

          Comex Grupo Ibérica

            • security and privileges
              Ali Hijazi

              no association

                • Re: security and privileges
                  Miguel Angel Baeyens de Arce

                  Hi,

                   

                  Use two reduction fields in your section access script, something like

                   

                  SECTION ACCESS;
                  
                  LOAD * INLINE [
                  ACCESS, USERID, PASSWORD, CNAME, CODE
                  ADMIN, ADMIN, ADMIN
                  USER, SYRADMIN1, SYRADMIN1, FR
                  USER, SYRADMIN1, SYRADMIN1, UK
                  USER, FINANCE1, FINANCE1, -, 1
                  USER, FINANCE1, FINANCE1, -, 2
                  ];
                  
                  SECTION APPLICATION;
                  
                  Countries:
                  LOAD * INLINE [
                  CNAME, LONGNAME
                  FR, FRANCE
                  UK, UNITED KINGDOM
                  US, UNITED STATES
                  DE, GERMANY
                  SE, SWEDEN
                  -, DUMMY
                  ];
                  
                  Companies:
                  LOAD * INLINE [
                  Name, CODE
                  AAA, 1
                  BBB, 2
                  CCC, 3
                  ];
                  

                   

                  At least one country ("Dummy" in this case) must exist (although only the CNAME field is needed).

                   

                  Go to the Document Properties in the Settings menu, Opening tab and check "Initial Data Reduction Based on Section Access".

                   

                  Hope that helps.

                   

                  Miguel Angel Baeyens

                  BI Consultant

                  Comex Grupo Ibérica

                    • security and privileges
                      Ali Hijazi

                      sounds good but the users and password are related to users of the active directory

                      can we load the users names and email addresses into section access instead of manually creating users and their passwords?

                        • security and privileges
                          Miguel Angel Baeyens de Arce

                          Hi,

                           

                          Yes, you can load them from the AD, using the OLE DB Connect button, OLE DB Providers for Microsoft Directory Services, and setting your AD server there. In section access you will change USERID and PASSWORD fields for the NTNAME field, that must match with the current DOMAIN\USERNAME as returned by the OSUser() function (use a text object, just for testing).

                           

                          What you have to do is to create those groups where the reduction fields apply, one line per value

                           

                          Hope that helps.

                           

                          Miguel Angel Baeyens

                          BI Consultant

                          Comex Grupo Ibérica

                        • security and privileges
                          dario fiorini

                          hello, i have a similar problem.

                           

                          we have many sales agents with a specific sales area and boss of that areas (that are two fields of our qlik document, area ad boss-area). these fields are not strictly linked together, because a sales agent can have more boss (depending on something).

                           

                          i would like to give access to boss areas, so that they can view all of that area and also to the sales agent (that can view only their area).

                           

                          i tried something like this:

                           

                          Section Access;

                          LOAD * INLINE [

                              ACCESS, USERID, PASSWORD, AREACODE, AGENTCODE

                              Admin, ADMIN, ADMIN

                              User, agent-1, agent-1, -, AGENT1

                              User, boss-1, boss-1, BOSS1 

                              User, boss-2, boss-2, BOSS2

                              User, agent-2, agent-2, -, AGENT2

                              User, agent-3, agent-3, -, AGENT3

                          ];

                          Section Application;

                           

                          star is *;

                           

                          LOAD * INLINE [

                          AREACODE, bosscode

                          BOSS1, 001956

                          BOSS2, 001957

                          BOSS3, 001958

                          -, DUMMY

                          ];

                           

                          LOAD * INLINE [

                          AGENTCODE, agentcode

                          AGENT1, 100300

                          AGENT2, 200300

                          AGENT3, 300300

                          AGENT4, 400300

                          ];

                           

                          where 001956 is the value of field "bosscode" in the qlik document for boss area for user "boss-1" and 100300 is the value of field "agentcode" in the qlik document for user "agent-1".

                           

                          something seems to work: boss area "boss-1" is working with access and reduction data, I can login and the field "bosscode" is filtered with the value "001956".

                          But the filter on agent do not work.... I do not know why.

                           

                          Please help me.

                           

                          Thanks!