1 Reply Latest reply: Apr 18, 2018 5:33 AM by Jakub Holasek RSS

    Filter AD User groups for Users imported from Directory connector

    Jakub Holasek

      Hello ,

      is it possible to filter only relevant AD user groups to import to Qlik? Since our users have large amount of groups the performance while evaluating security rules is very poor.

      The ad sync filter just takes "users" ,is there a way how to pick only groups with specific name? Or do we have to set regular job that would everytime after sync deleted these roles from UserAttributes table?

      Any thoughts?

      THank you

        • Re: Filter AD User groups for Users imported from Directory connector
          Jakub Holasek

          It seems the issue is even in the latest versions.

          My suggestion would be to implement one-time cleaning and then set-up a trigger-procedure so only relevant groups would be stored to Postgre DB.

          Any comments/ suggestions?

           

          /* AD Qlik Groups Cleanup

          * @QS Nov 3.2, Nov 17

          */

          -- Initial cleanup for the roles script

          delete from "UserAttributes" where "AttributeType" ='Group'  AND  lower("AttributeValue"NOT similar to '(non qlik roles)%' ;

          -- Trigger for checking the QS groups only

          CREATE OR REPLACE FUNCTION CheckQlikADGroups() RETURNS TRIGGER AS $$

              BEGIN

           

                      IF (

                           (NEW."AttributeType" ='Group'  AND  lower(NEW."AttributeValue")  similar to '(qlik roles)%' )

                              or

                             NEW."AttributeType" !='Group'

                          ) THEN

                           RETURN NEW;

           

                    END IF;      

                    RETURN NULL;

              END;

          $$ LANGUAGE plpgsql;

           

          CREATE TRIGGER ua_check

          BEFORE INSERT ON "UserAttributes"

              FOR EACH ROW EXECUTE PROCEDURE CheckQlikADGroups();