Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi community
I'm wondering about the behaviour of Section Access (Qlik Sense November 2019)
To illustrate the questions, let's load a table with two fields and two rows :
And now, playing with Section Access
Comments :
Here the different tests, and the results (green = seems ok to me / orange = strange)
It looks like:
- Wild character (*) relies on authorizations that are specifically defined for other users (case 4). Impact : a USERID with ACCESS * will not have access to all data, but only data that are provided to other restricted users (case 2) - It might have a huge impact on designing app and their integration.
- If a user has an access "ADMIN" and there is a mistake in the KEY field, he will have access to all data (case 6)
I would like to know if these behavior
Thanks
If I am the only user & I set ADMIN / *=> I get all data
If I add a user with access to A, and I'm still ADMIN / *, I have access to A only
Weird, isn'it ?
No it's not. The qlik behavior is as designed, so it's not weird. But may be it is weird that, our explanation is not clear enough and every time we find a behavior that can't be justified with explained the previous discussion. Let me try to explain this '*' and ADMIN combination in a better term.
For ADMIN, '*' means all the values that other users have access to (.i.e - all the values mentioned in the section access table). Given the fact that, if there is no access for other users, then it's ALL access for ADMIN.
For USER, '*' means all the values that are mentioned in the section access table. And no access here means, no access. That means, the meaning of '*' is NOT ambiguous, it's always 'all the values in the section access table'. Only fact to consider, is that for ADMIN, it can't be no access (for obvious reason) at any point of time - if it's becomes so implicitly, it would become ALL access.
Also to note:
Hope, this covers all possible scenarios.
Tresesco, Tm_burgers,
Many thanks for your explanations and the time you spent for them. You explained the rule very clearly, and it perfectly covers the different cases I can imagine.
I still do not understand the reason why the rule has been designed that way (usually, any Qlik's design is cristal clear to me). I think the best explanation is the sentence "for ADMIN, it can't be no access (for obvious reason)", even if I do not find any "obvious" reason. I will think about it in the future 😉
I give the solution to the previous post of Tresesco, as the summary of the rule should be helpfull for all members of the community. But thanks to both of you 🙂
"obvious reason" -
Section access is actually legacy concept that is coming from qlikview. And in qlikview desktop (strict exclusion - enabled) if you don't have access to data of the application you are locked out. And admin being locked out means the application is lost. However, in qlik sense you still can open the file with no-data and modify your script.