Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Vegar
MVP
MVP
‎2018-11-16 03:41 AM

Understanding REDUCTION for the Section Access ADMIN role

I've tried to understand Qlik Sense Section Access ADMIN role by comparing the documentation with my real experiecse. I find the ADMIN role to behave different to what the Qlik Sense Help Managing security with section access says.

ACCESS
Defines what access the corresponding user should have. Access to Qlik Sense apps can be authorized for specified users or groups of users. In the security table, users can be assigned to the access levels ADMIN or USER. If no valid access level is assigned, the user cannot open the app. A person with ADMIN privileges has access to all data in the app. A person with USER privileges can only access data as defined in the security table.

 My experiense is that the ADMIN is affected by the Section Access security table. Am I correct or do I missunderstand the intention of the documentation? Are you experiencing the same SA behaviour? Has this behaviour changed over time?

Example 1:

The admin VEGAR only sees ALPHA = A

 

Section Access;
LOAD * INLINE
[ACCESS,USERID, ALPHA
ADMIN,DOMAIN\VEGAR, A
USER, DOMAIN\USER1, C
USER, DOMAIN\USER1, D
USER, DOMAIN\USER2, E
];
Section Application;

Characters:
Load Chr(RecNo()+Ord('A')-1) as ALPHA autogenerate 26;

 

 Example 2:

The admin VEGAR gets access to C, D and E.

 

Section Access;
LOAD * INLINE
[ACCESS,USERID, ALPHA
ADMIN,DOMAIN\VEGAR, *
USER, DOMAIN\USER1, C
USER, DOMAIN\USER1, D
USER, DOMAIN\USER2, E
];
Section Application;

Characters:
Load Chr(RecNo()+Ord('A')-1) as ALPHA autogenerate 26;

 

Example 3:

The admin VEGAR get access to all ALPHA values.

Section Access;
LOAD * INLINE
[ACCESS,USERID, ALPHA
ADMIN,DOMAIN\VEGAR, 
USER, DOMAIN\USER1, C
USER, DOMAIN\USER1, D
USER, DOMAIN\USER2, E
];
Section Application;

Characters:
Load Chr(RecNo()+Ord('A')-1) as ALPHA autogenerate 26;

 

Vegar
Qlik Community MVP
Labels (6)
584 Views
0 Likes
3 Replies
timpoismans
Specialist
Specialist
‎2018-11-16 04:02 AM

From my own experience, I've noticed the role defined under ACCESS, doesn't influence what my users can see. The only thing that limits/grants access to data is the security table itself.

580 Views
Vegar
MVP
MVP
‎2018-11-16 05:29 AM
Author

In response to timpoismans

@timpoismans There is a difference between USER and ADMIN. If I change the access in  example 3  from ADMIN to USER then I don't get access to any data. 

 

Section Access;
LOAD * INLINE
[ACCESS,USERID, ALPHA
USER,DOMAIN\VEGAR, 
USER, DOMAIN\USER1, C
USER, DOMAIN\USER1, D
USER, DOMAIN\USER2, E
];
Section Application;

Characters:
Load Chr(RecNo()+Ord('A')-1) as ALPHA autogenerate 26;

 

Vegar
Qlik Community MVP
567 Views
0 Likes
timpoismans
Specialist
Specialist
‎2018-11-16 05:46 AM

In response to Vegar

Ah, could be, yes.

I haven't used that kind of Section Access, I never leave a blank concerning my "admin" user.

 

That said, with the previous examples, the security table doesn't look if you have ADMIN or USER access. In my experience that is.

565 Views
0 Likes