Section Access logic works the same way on QlikView Desktop and QlikView Server side. The QlikView application distribution can however trick you , if you are not aware if how it reduces the document. A section access restricted user can appear to get access to more data than expected or get access denied!
In this example the QlikView Server service account and the application developer are expected to get all values in field F1. The application end-user on the other hand has limited access to the field F1.
The application and Section Access works as expected in QlikView desktop client. Developer gets access to all values in F1 and the user gets limited access in the document. The basic 'deployment' flow in desktop will be as below;
- Application is reloaded by Developer
- Application is saved to file by Developer
- Application is opened by User
- Application get reduced based on User's reduction value A
- Application shows limited values in F1 to User as expected
On server side the work-flow will be a bit different, potentially leading to unexpected results for the User.
- Application is opened by the Service user
- Application is reloaded by the Service user
- Data in the QVW file is reduced based the Service user reduction value
- Application is saved to QVW file by the Service user
- QVW is distributed
The distributed QVW file now has reduction values that matches the Service user. In this case it means that REDUCTION field only has ALL as possible value. The User's reduction value A does not exist, and this can lead to two different outcomes when the User opens the application through a web client.
If Section Access: Strict Exclusion is enabled, the User gets access denied since there is no possible data for the User.
If Section Access: Strict Exclusion is disabled, the User gets access to all data in the QVW file since the search for reduction value A does not limit the data.