Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi community
I'm wondering about the behaviour of Section Access (Qlik Sense November 2019)
To illustrate the questions, let's load a table with two fields and two rows :
And now, playing with Section Access
Comments :
Here the different tests, and the results (green = seems ok to me / orange = strange)
It looks like:
- Wild character (*) relies on authorizations that are specifically defined for other users (case 4). Impact : a USERID with ACCESS * will not have access to all data, but only data that are provided to other restricted users (case 2) - It might have a huge impact on designing app and their integration.
- If a user has an access "ADMIN" and there is a mistake in the KEY field, he will have access to all data (case 6)
I would like to know if these behavior
Thanks
If I am the only user & I set ADMIN / *=> I get all data
If I add a user with access to A, and I'm still ADMIN / *, I have access to A only
Weird, isn'it ?
No it's not. The qlik behavior is as designed, so it's not weird. But may be it is weird that, our explanation is not clear enough and every time we find a behavior that can't be justified with explained the previous discussion. Let me try to explain this '*' and ADMIN combination in a better term.
For ADMIN, '*' means all the values that other users have access to (.i.e - all the values mentioned in the section access table). Given the fact that, if there is no access for other users, then it's ALL access for ADMIN.
For USER, '*' means all the values that are mentioned in the section access table. And no access here means, no access. That means, the meaning of '*' is NOT ambiguous, it's always 'all the values in the section access table'. Only fact to consider, is that for ADMIN, it can't be no access (for obvious reason) at any point of time - if it's becomes so implicitly, it would become ALL access.
Also to note:
Hope, this covers all possible scenarios.
Based on your example it is working as designed; any user with Admin access will see all data fields regardless of what is in the "Key/Reduction" field.
It is a known and documented case about * meaning all available key fields defined within the Section Access table.
See the below documentation:
https://community.qlik.com/t5/Qlik-Design-Blog/A-Primer-on-Section-Access/ba-p/1465766
This is "working as designed". Two important points to understand:
- ADMIN user has access to all data
- '*' in field means (for USER) all the values of the field that are mentioned in section access and not necessarily ALL from the field itself.
There are many good articles on section access you can refer, like:
Thanks for your reply and for the links (that are Qlikview oriented, not Qlik Sense)
I don't understand your answer "ADMIN user has access to all data" 🤔
This is confusing, isn't it ?
Thanks
Yes ok, this is a "best practice" and it helps me for a better integration. 🙂
But it does not explain the behavior of the tool...
Does this make sense ?
I could understand :
But here, there is a strange mix (?)
For ADMIN,
No match in value/ '*' / nothing (i.e. - no value in the reduction field) -> All values
Specific value->Specific value.
You are right. As I already mentioned above that nothing (null - your hypothesis) gives access to all data.
Mmmm next step in the process...
If I am the only user & I set ADMIN / *=> I get all data
If I add a user with access to A, and I'm still ADMIN / *, I have access to A only
Weird, isn'it ?