Section access script help for qliksense - Qlik Community

arusanah · ‎2018-05-21

I need help with section access script for qliksense. I have 3 groups: Group –A, Group-B, Group-C

. My requirement is to load all user from a qvd file. Check if osuser () belongs to one of these groups

//Implementing Security

//Section Access;
Authorization:
Load
'User'as Access,
Group,
    GroupName,
    Upper(Group)&'\'&Upper(GroupName) as USERGROUP,
    objectCategory,
    objectClass,
    DistinguishedName,
    // subfield(subfield(DistinguishedName,'=',4),',',1)as Entity_Code,
     "cn" as UserID,
     Upper(Group)&'\'&Upper(GroupName)&'\'&"cn" as User,
    displayName as [Name]
FROM [lib://QVD/Raw\Active Directory\028_Raw_Active_Directory.qvd]
(qvd);

//Section Application;
NoConcatenate
Load * INLINE [
USERGROUP,       Entity_Code
Group –A ,   *
Group –B , B
Group –C, C
];
Trace 'Autorization Loaded';

I tried two codes but none of them works

******************************* Code 1,

For i=0 to NoOfRows('Authorization')
Let vCount= NoOfRows('Authorization');
     Trace '$(vCount)';-------------------------------------------------Till this point it works fine.
if exists(osuser(),USERGROUP) then
      Let vEntity=Lookup('Entity_Code','UserGroup',OSUSER(),'Authorization');
        Trace '$(vEntity)';
    End If

Next;

*******************************Code 2,

For i=0 to NoOfRows('Authorization')

Let vCount= NoOfRows('Authorization');

Let vUser=subfield(OSUser(),'=',3);

if(UserID='$(vUser)')then

//Let vEntity=Lookup('Entity_Code','USERGROUP',UserID,'Authorization');

Trace 'yes';

End If

Next

But when I try to trace vEntity it shows nothing . Issue is within red piece of code .which I'm not able to replicate

mikaelsc · ‎2018-05-21

osuser() is useless in qlik sense (and i'm not even sure it's a script function)

jonathandienst · ‎2018-05-22

>>But when I try to trace vGroup it shows nothing

Where and when was vGroup defined to anything. If undefined, $(vGroup) will be null.

Logic will get you from a to b. Imagination will take you everywhere. - A Einstein

arusanah · ‎2018-05-22

Hi Jonathan ,

I meant vEntity. I did some modification. in code , please take a look . I will really Appreciate if you can help.

arusanah · ‎2018-05-22

//Section Access;

Authorization:

Load

'User'as Access,

Group,

GroupName,

Upper(Group)&'\'&Upper(GroupName) as USERGROUP,

objectCategory,

objectClass,

DistinguishedName,

// subfield(subfield(DistinguishedName,'=',4),',',1)as Entity_Code,

"cn" as UserID,

Upper(Group)&'\'&Upper(GroupName)&'\'&"cn" as User,

displayName as [Name]

FROM [lib://QVD/Raw\Active Directory\028_Raw_Active_Directory.qvd]

(qvd);

//Section Application;

NoConcatenate

Reduction:

Load * INLINE [

USERGROUP, Entity_Code

GrpA\GROUP-A, A

GrpB\GROUP-B, B

GrpC\GROUP-C, C

];

Trace 'Autorization Loaded';

Let vEntity=Lookup('Entity_Code','USERGROUP',UserID,'Authorization'); ------can anybody help replicate issue in this lookup function --------------

Trace '$(vEntity)';

mikaelsc · ‎2018-05-22

you don't find out. one of the services does (i guess the proxy service)

what you need to do:

-create an application containing all your data (of all your entities)

- add a section access table containing the link between users and the entities

- reload the app

on opening, a user will only be able to see what the section access table defined he's allowed to see (but the application itself contains ALL the data)

https://help.qlik.com/en-US/sense/2.1/Subsystems/Hub/Content/Scripting/Security/sections-in-script.h...

mikaelsc · ‎2018-05-22

sorry, the most relevant ressource is the dynamic data reduction one :

https://help.qlik.com/en-US/sense/2.1/Subsystems/Hub/Content/Scripting/Security/dynamic-data-reducti...

arusanah · ‎2018-05-22

Thanks Mikael. I already found out error in script.

arusanah · ‎2018-05-22

so error as I already knew was in my Lookup function .