Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

How to best limit access to a field/column?

If we have a situation where we have have certain fields, for instance customer contact details, that we want to make sure only authorised users are able to access is there a simple way to do this?

From what I have understood of section access you can use OMIT to prevent specific users from viewing specific fields. But as we have multiple users, most of whom would not be permitted to view those fields it seems that can become a bit cumbersome. Is there any way to make it into a whitelist system such that no rows are hidden for any users, but e.g. phone numbers are hidden unless the user is listed as part of the outbound team?

It is assumed that the client application runs in an Ajax environment, some users have CAL access, other are named users, there are multiple fields to restrict and none is to be given access to the restricted fields unless explicitly stated.

How would one solve this problem in a way that is easy to maintain for developers and administrators alike?

4 Replies
marcus_sommer

Yes, to implement section access will need some effort but it is the only way with a single application. If you used however two or more slightly different applications and restricted the access on application-level you could implement such a white-list approach. But it meant more effort to maintenance and system-ressources.

- Marcus

Not applicable
Author

I do use several applications, although most of them gets their data form a binary load so the access rights can be spread that way (as long as users are not allowed to download the applications that should not be a security issue right?)

I guess setting up OMIT groups as per Qlik Tips: Blocking user access to a field using OMIT would reduce the effort needed to prevent most of the users from seeing a handful of fields, but I assume that means there is no default user privilege and that all users must be assigned to a group or see nothing at all? I guess it's not that bad, only a little bit more job than I had hoped for

marcus_sommer

Sometimes it it useful to apply a DUMMY user - http://community.qlik.com/message/481875#481875 - and/or to create a loop or join to assign all users, see this example (it's not really section access but what approach could be done):

t1:

Load 'Dummy' as User Autogenerate 1;

     join

Load distinct Firma From xyz;

concatenate (t1)

Load * Inline [

User, Firma

Hans, 10

Hans, 20

Hans, 30

Sepp, *

....

];

- Marcus

Anonymous
Not applicable
Author

Encrypt QVD input file.