Hi,
first thanks for the feedback, unfortunately I think I did not explain myself or I did not get your answer. Let me give an example, as it might help understand my caneats.
I created Roles with their privileges, associate users to the Roles
* USER01, privileges is that it can see all records of a table named Company
* USER02, privileges is that it will reject all rows from company different from ID <> 1 (in other words, it will see only Company with ID 1)
.
Qlik Sense (tool used by clients) will load all information into memory with a service account with no restricctions at all.
In this case it loads a table called "Company_TABLE"
.
```
COMPANY_TABLE:
Load * INLINE [
COMPANY_ID, NAME
1, Name1
2,Name2
3,Name3
;
```
Qlik in order to implement security restrictions needs a table which tells who can see what
Example:
```
Section Access;
Load * INLINE [
ACCESS, USERID, COMPANY_ID
USER, AD_DOMAIN\USER01, *
USER, AD_DOMAIN\USER02, 1
;
```
Once the application has finished loading, COMPANY_ID is linked with both tables.
USER01, will be able to see all records, as "*" is a wildcard for everything
USER02, will be able to see only records that match COMPANY_ID = 1
The downside of how this tool works in contrast to Tableau as an example, is that it needs to load information. When a user logins to Qlik, the session shows only records that match the "Section Access".
.
How can I create the Session access table for each user in a certain role which will be used by Qlik from denodo?
The worst approach and something I starting to see, is the incompatibility between tools for governance access, either change denodo or Qlik (although client already have Qlik licenses)
The second worst, is that I'm forced to create a NEW view that replicates the roles rules making loss of the advantage of denodo rules being applied on demand when performing query with active session of user (which as explained before in this case it does not apply as the user performing the query will be a service user with no restrictions).
Is there any way to simulate a user session without password or send the "user" as a parameter? Why?, cause if the user is performing the query then denodo rules will apply automatically...is there any doc in your KB that might point me in the right direction?
A bit lost here on how can i overcome this.
Once again thanks for the prompt response