Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sebastianfaust
Partner - Creator
Partner - Creator
‎2020-08-04 02:55 AM

Binary Load with Section Access = unsecure

hi all,

i tried the 3 layer secured binary load i found here:

https://www.linkedin.com/pulse/qlik-sense-secured-binary-loads-thomas-trolez

unfortunatly this seems not to be secure as it seems to be.

 

however, what we try to accomplish is that developers only get access to data they are allowed to see.

we built a datamodel with section access. The developers get access to the qvf file so they can perform a binary load.

works like charm. But if they implement their own section access, the section access from the first step gets overwritten.

 

any ideas?

sidenote, i think the mentioned solution is based on qlikview where an admin and a normal user exist. 

but in sense everyone has "admin" rights if he is the owner of the app.

 

602 Views
0 Likes
3 Replies
marcus_sommer
MVP
MVP
‎2020-08-04 08:32 AM

I don't know if it's possible in Sense to allow an user to change an application but to prevent any reloads. I assume that there are ways to configure it. Otherwise there should be a workaround by denying a file-access to the data-source.

The reason for it is that it makes not much sense to implement a labor division between one group of developers which extract/transform the data and build the final datamodel and those which just develop the UI - why should they perform a reload?

- Marcus

558 Views
0 Likes
sebastianfaust
Partner - Creator
Partner - Creator
‎2020-08-04 09:02 AM
Author

In response to marcus_sommer

hi Marcus,

thanks for your reply.

the idea is that the developers can run the script and change parts,

but not to have access to all data.

 

basically, in a perfect world the developers would work completly with test data,

but as we not live in a perfect world, we dont have a test environment.

 

553 Views
0 Likes
marcus_sommer
MVP
MVP
‎2020-08-04 09:50 AM

In response to sebastianfaust

" ... and change parts ..." means to change parts from the script? Then it wouldn't be a classical binary load at all. In this case the use of a binary load should be reconsidered and the common qvd-loads with an appropriate slicing and access rights may be more suitable.

- Marcus

548 Views
0 Likes