Section Access with a custom userid (NOT OSUser) - Qlik Community

rarora12 · ‎2018-03-15

All,

A custom application has a button "my Dashboard"

The button has a link http://localhost/QvAJAXZfc/opendoc.htm?document=ap_dev%5Cdpp_preprod.qvw&host=QVS%40svrocmdc

Here is the kicker - the link above contains a qvw - but now the user wants to add a userid which differs from the windows os user name

Is it possible to user section access to have the following

1. User wants to login only once when they access the custom application

the user does not want to login again in Qlik - kind of single sign on

2. Section access information lives in the database, not inline as follows

Section Access;

LOAD * INLINE [
USERID,   ACCESS, NTNAME   ,GROUPNAME, REGION,AGENT_ID

*,   ADMIN, 'DPSCSDOM\qlikviewsrc',*,*,*
*,   ADMIN, 'DPSCSDOM\ITCD_Admin',*,*,*
];
LOAD
USERID, ACCESS, NTNAME   ,GROUPNAME, REGION_SEC,AGENT_ID;

select '*' AS USERID, '*' AS PASSWORD,"ACCESS" ,RANK , NTNAME ,RTRIM(LTRIM(UPPER(CONCAT(NTNAME,RANK)))) ,
GROUPNAME, case when groupname in('CENTRAL ADMINISTRATION' ) then 'ANY'
WHEN GROUPNAME= 'REGION' THEN CONCAT(CONCAT(REGION,'|'),'ANY') END AS REGION_SEC ,
CASE WHEN GROUPNAME IN ( 'DPP CASE SUPERVISOR'   ) THEN SUPERVISOR_ID ELSE USERID END AS AGENT_ID
from QLIKVIEW.VW_QV_DPP_SECURITY_ROLES

WHERE RTRIM(LTRIM(UPPER(CONCAT(NTNAME,RANK)))) IN(
SELECT RTRIM(LTRIM(UPPER(CONCAT(NTNAME,MIN(RANK))))) MINRANK FROM QLIKVIEW.VW_QV_DPP_SECURITY_ROLES
GROUP BY NTNAME);

Any ideas?

Thanks

Rick

Peter_Cammaert · ‎2018-03-19

Section Access offers two basic authentication mechanisms:

USERID (& PASSWORD) = Document Security. IDs only live in your document and nowhere else. No SSO is possible, except maybe with the use of external coding. Opening a document will ask for a UserID and Password every time.
NTNAME = External Directory security. IDs live in an external directory and it is up to you to check the proper use of these before passing them on to QlikView services. SSO is possible using AD and other directory services.
(There are also other identification mechanisms, based on for example license number, SID etc. Idon't think they can be used to match your requirements)

You seem to mix these techniques in your code. UserID is always set to '*'. Why?

With respect to your requirement: you want to combine something that typically belongs to the first technique (custom ID not tied to any external authentication system) with something typically provided by the second technique (SSO that relies on an external authentication system and typically passes your ID that is verified during a previous session, to an application without your knowledge). You can do that with a Custom Directory because that is about the only authentication mechanism in which QlikView plays a role (all others happen outside of QlikView) But then you would have to authenticate every time you launch an AP session. Is that OK?

Peter

rarora12 · ‎2018-03-20

Thanks Peter

The 2 options you presented - I would pick the NTNAME

Authenticating every time on launch of an AP Session is ok.

My security access code is definitely wrong and needs help. So I am looking for recommendations from you, please.

The data for the users is stored in the database which is accessed by the sql statement within the section access.

Thanks again for your support and assistance.

Rick