Vizlib Teamwork has a range of security options which limit the users access to conversations, from App to conversations associated with specific Values. Qlik Sense’s built-in security is used to enforce the different security options for Vizlib Teamwork. The available options and how to apply them for different conversations are described in this article.
Levels of security options:
App access (default)
Users can only access conversations in applications that the user has access to. App access is the default security option and always enforced.
Streams have Secure Stream option disabled on the default Stream comments. If a Stream is not a Secure Stream, all users have Read and Write access to that Stream. It’s possible to limit user access to only Read access by changing the access type in the Manage Access modal.
Use the Manage Access button to open up the Manage User Access modal. In the Manage User Access modal, it’s also possible to upgrade the access to Admin, which grants users Read and Write access and enables users to delete comments created by other users.
Secure Stream comments will not be accessible unless a user has either Read, Write or Admin access to the Stream.
Use the Manage Access button to open up the Manage User Access modal. In the Manage User Access modal, it’s possible to grant the user Read, Write and Admin access to the specific stream.
NOTE! Write Access also grants Read Access. Admin Access also grants Write and Read Access.
Field access grants Read and Write access to comments associated with the values in the fields users have access to. The type of access depends on the user’s Stream Access role. The stream must have Secure Hierarchy Groups enabled to enforce Field access.
E.g. of Hierarchy Group fields and values. See Hierarchy Groups to learn more about associating comments with fields and values.
A common use case is to set up the Teamwork with one user group (Sales Rep) that can add and view comments only on the lowest level e.g. Region. And another user group (Division Managers) that can post and view comments on all levels. More advanced use cases would include more levels in the Hierarchy Groups. Field access can be successfully combined with Values access to prevent a Sales Rep from seeing another sales reps comments in the same field (Region).
Steps to setup Field access
1. Set up the Teamwork object by Adding Hierarchy Groups.
2. Enable Secure Hierarchy Groups in the Teamwork Stream settings in the VMC. Remember to click the Save changes button and restart Vizlib Server.
3. Field access uses the Hierarchy Access Custom Property, default value VZB_HierarchyAccess. Custom property name can be configured in the Custom Properties section of Teamwork Settings in the VMC.
4. Hierarchy Access Custom Property is created by the Vizlib Server. Add values to VZB_HierarchyAccess in the QMC values corresponding to the Hierarchy Group fields configured in the Property panel of the Teamwork Object.
5. Grant access to users by adding the field values in the VZB_HierarchyAccess Custom Property to the user. NOTE! Multiple users can be selected at the same time.
Only comments associated with the fields the user has access to will be visible. Users that do not have access to the active hierarchy level will see a message that they do not have access to the field and the input will be disabled.
Value access (Section Access)
Value Access is configured with a combination of Section Access with dynamic data reduction and Hierarchy Groups. Vizlib Server will verify the comments associated with the values in the fields in the Hierarchy Groups and only show comments for the values that the user has access to, determined by Section Access.
NOTE! Secure Hierarchy Groups is not necessary to enforce Value access with Section Access.
Example script Section Access
To use the example script below, follow these instructions:
Create a new App and paste the script in the Script Editor
Replace 'YOURDOMAIN\userA', 'YOURDOMAIN\userB' and 'YOURDOMAIN\admin' with existing users in your Qlik Sense environment
Load the application
Add a Bar chart to the sheet with dimension Type and measure Sum([Price])
Add the Teamworkextension to a sheet
Add field Type to the Hierarchy Group A
NOTE! It’s recommended that you enable ‘Require selections’ when using Section Access. It’s not possible to limit access to the comments associated with no selections in the field. Those comments will be visible for all users unless ‘Require selections’ is enabled.
User A will only see comments associated with Type values Red, Orange and Yellow. User B will see comments associated with all Type values except Indigo. Admin will see comments for all Type values.
ACCESS ,USERID ,REDUCTION
USER, 'YOURDOMAIN\userA' ,1
USER, 'YOURDOMAIN\userA' ,2
USER, 'YOURDOMAIN\userA' ,3
USER, 'YOURDOMAIN\userB' ,1
USER, 'YOURDOMAIN\userB' ,2
USER, 'YOURDOMAIN\userB' ,3
USER, 'YOURDOMAIN\userB' ,4
USER, 'YOURDOMAIN\userB' ,5
LOAD * INLINE [
REDUCTION , Type ,Comments
1 , Red , Value
2 , Orange , Value
3 , Yellow , Value
4 , Green , Value
5 , Blue , Value
6 , Indigo , Value
MakeDate(Year, Month, 1) as Date
Type, Price, Year, Month
Red , 100, 2014, 1
Orange , 200, 2014,2
Yellow , 300, 2014,3
Green , 400 ,2014,4
Blue , 500,2014,5
Indigo , 600,2014,6