One important thing most of the consultants forget to talk during the requirement gathering stage is about the authentication and authorization.
Authentication is nothing but knowing if the user is the right and authenticated user. It is like asking the question Who are you? Someone should authenticate if the user is correct user. There are many systems available to do this job, where they save the passcode of the user and then they crosscheck the passcode when authentication is requested, and if the passcode is right then it allows the user to enter the system.
Authorization comes into picture only after the user is authenticated. It is like giving permission to access the data. Not all the users should have access to all the data; giving right permission to the users is necessary to maintain the security of the data.
Let us have a look at thefollowing example to understand the difference between authentication and authorization.
Let us assume that you are a supply chain professional and you have joined a manufacturing company. So, when you join a company, the company gives you an employee id. The employee id confirms that you are an authenticated user and that you are allowed to enter the company office.
Now that you are authenticated, it doesn’t mean that you can enter every available department in the company. You may only be allowed to enter the supply chain department, or additionally, the procurement department, which is related to your work, but you may not be allowed to enter the manufacturing unit or any other unit which is not related to your work. This specifies your authorization.
In BI project like Qlik, the users are authenticated using Active directory or any third-party authentication services. The authorization part is taken care by using section access in Qlik.
Authentication and authorization are very important for any project. It is important for a consultant to get the authentication information from the IT team. The IT Team usually handles applications which can provide authentication to Qlik users. The authorization information should be taken from the business users who own the data and know what information should be shared with which user.