Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
datanibbler
Champion
Champion
‎2015-05-22 03:52 AM

SECTION ACCESS with NTNAME

Hi,

I want to implement SECTION ACCESS in my app with NTNAME so no one has to enter a username and password.

I want to add myself as ADMIN and everyone else as USER.

I guess this won't work with the *. I don't want to try because it might then register myself as USER and effectively lock me out.

Can anybody help here?

Thanks a lot!

Best regards,

DataNibbler

2,647 Views
0 Likes
1 Solution

Accepted Solutions
awhitfield
Partner - Champion
Partner - Champion
‎2015-05-22 05:03 AM

Unlock down forces the lockdown to open in the context of the BATMAN admin user, so you can edit etc, it's as simple as that, we have been using it successfully in the filed for 4 years now

Andy

View solution in original post

1,288 Views
0 Likes
14 Replies
marcus_sommer
MVP
MVP
‎2015-05-22 04:03 AM

Hi DataNibbler,

at first make one/two BACKUP's !!! and yes you need to include all NTNAME's especially the development- and server-user with ADMIN role (per access point are all users only USER). A wildcard won't work.

Section Access

- Marcus

1,288 Views
datanibbler
Champion
Champion
‎2015-05-22 04:15 AM
Author

In response to marcus_sommer

Hi Marcus,

I thought so. Well, that's too bad. The idea behind this was, there will be a number of users - and they might even change over time as we have quite a high personnel fluctuation in some areas. I would like to make this as robust as possible so there won't be any need to regularly adapt it.

The users will need the client because one of the core functions is reloading the script - but I actually don't want the users to be able to do much else, that is the only reason why they'd need the Client - maybe I should instead look at using EDX_triggers and macros to let them use the app via the AccessPoint. I'm just not sure whether that will work reliably because one user might have to reload (part of) the script quite often.

1,288 Views
0 Likes
awhitfield
Partner - Champion
Partner - Champion
‎2015-05-22 04:47 AM

HI DataNibbler,

we have a similar situation to you, have a look at the attached.

1. Open lockdown qvw and the user has restricted access no doc properties or edit script etc, but has reload and save.

2. close the qvw and qv desktop

3. open unlockdown with user name and password BATMAN for both

4. reopen lockdown and you now have access to all!

Lockdown has hidden script, password = BATMAN as follows:

Section Access;

LOAD * INLINE [

    ACCESS, USERID, PASSWORD, NTNAME,      NTDOMAINSID

    ADMIN,  BATMAN,  BATMAN, *,            *

    USER,  *,      *,        *,            *

];

Section Application;

and security tab as:

unlock down has the script

section access;
LOAD * INLINE [
ACCESS, USERID, PASSWORD
ADMIN, BATMAN, BATMAN
];

section Application

Lockdown.qvw
Unlockdown.qvw
1,287 Views
0 Likes
datanibbler
Champion
Champion
‎2015-05-22 04:56 AM
Author

In response to awhitfield

Hi Andrew,

that is a novel approach. I'll give it a think, that might be a solution.

Just to recap so you can tell if I got it right:

So you have created two different qvw files where the one (the lockdown one) automatically opens with USER privileges, so nobody

can mess around in it.

There is another one which I can open with Admin privileges if I need to make any changes.

=> Afterwards, I can make a copy of it and use that to overwrite the old lockdown app.

Is that it?

Thanks a lot!

Best regards,

DataNibbler

1,286 Views
0 Likes
awhitfield
Partner - Champion
Partner - Champion
‎2015-05-22 05:03 AM

Unlock down forces the lockdown to open in the context of the BATMAN admin user, so you can edit etc, it's as simple as that, we have been using it successfully in the filed for 4 years now

Andy

1,289 Views
0 Likes
marcus_sommer
MVP
MVP
‎2015-05-22 05:05 AM

In response to datanibbler

Hi DataNibbler,

for me is these case quite easy then I use DMS as authentication mode with a custom directory and need not to use personalized NT user. I could use functionalized NT user which are only connected to area, region and similar - complete independent which person they use. If a person left the company I don't need to do anything - only if they switch the position inside the company I need to change the password for these user but only within the qmc not in section access.

I won't recommend DMS - it has disadvantages, too. But maybe you could adapt the logic with additionally functionalized users. It's not perfect because the users need two logins but it could be an alternatively.

- Marcus

1,286 Views
0 Likes
datanibbler
Champion
Champion
‎2015-05-22 05:15 AM
Author

In response to awhitfield

That is just great.

I'll test that on my database_app and if it works, that is definitely one worth inserting into our "development_guide", our collection of internal standards.

You should make that into a document or something if you haven't already done so. That's definitely one every developer should know about.

1,286 Views
0 Likes
datanibbler
Champion
Champion
‎2015-05-22 05:27 AM
Author

In response to datanibbler

Seems to work.

Great!

1,286 Views
0 Likes
awhitfield
Partner - Champion
Partner - Champion
‎2015-05-22 05:30 AM

Excellent stuff! Glad it did the trick for you!

Have a good one!!

Andy

1,287 Views
0 Likes