Despite my research on the community, I have not yet found a generic script that allows to set up the access section with ease. (But let me know If you found one). So I wanted to create one that allows me to save time while being able to formulate more advanced rules.
Rules are specified in an Excel file (but it could be modified to load it from another source).
Security strategy based on ACCESS, USERID, OMIT and [YourReductionField] properties.
Two distinct user profiles for the rules (see corresponding sheets in the Excel file) : - “Administrators”, these users are always included in the section access table of every apps, automatically gets the ability to view all values. - “Users”, all the other users with specific reduction rules for multiple applications.
Rules definition by : - Users - Custom user groups (My goal was to no longer have to depend on the IT department for the management of user groups.) - Or both simultaneoulsy
Two different ways to write reduction rules : - Inclusive mode : by listing all the authorized values (qlik default) - Exclusive mode : grants access to all values except some of them (requires to prefix the rule with "[*-]") Warning : I wouldn't recommand to use both logic simultaneoulsy when defining rules for a specific user/group. It's easy to write non sense or conflicting things without being aware of.
Possible input values : - "*" for all values. The script will automatically search for the reduction field in your datamodel and use all corresponding values if it exists. - "value" for a single value - "value1;value2;value3" for multiple values, using a specific separator
Wildcard friendly : you can use generic characters "?" and "*" into values to write "like" rules which is very handy.
You can hide (omit) one or many fields per user and app.
Optionally creates a visible Section Access table in datamodel for audit purposes (see script config section to enable/disable).
Notice : You can easily change the ‘ALL’ alias, multiple values separator, and exclusion prefix in the script config section if you need to.
Quick setup :
Paste or include my script exclusively at the end of your app script. Why ? Because it needs to loop and search for values through already loaded tables to work.
Update variable "SA_CheminExcelDroits" in script config. It must contain the folder name (LIB) to the Excel file location. Example : "SET SA_CheminExcelDroits = 'Security files';"
Identify the field of the data model on which to perform the reduction. Warning : The name of the field and the data it contains must have been loaded in CAPITAL, this prerequisite is imposed by Qlik.
Fill the excel file with all the appropriate rules. Each app is managed in its own sheet whose name must match app name without .qvf extension(case sensitive).
If for some reason you want to disable a rule without deleting it from file, simply put ‘0’ value in the ENABLED column.
The rights file provided contains examples of various rules to help you understand how to fill it correctly. Script comments and variable names are in French, but i’ll take the time to translate it in english if you ask for it. Do not hesitate to give me feedback if you encounter problems or bugs that I have not already identified 🙂