Solved: where can I find more information for "access deni... - Qlik Community

gal_polak · ‎2020-10-18

Hi,

I have one user that get "access denied" message.

but I need to understand why,

when he tries to login to apps with out section access everything is good,

so i'm guessing that it had to do with the section access, but when i check if he was loaded to the section access in the app he does,

where do i start?

how can i debug or get more information ?

gal_polak · ‎2020-10-20

I'm so embarrassed 😓

but the issue was not in the Section access at all..
it was related to the machines.. one machine (the slave) was not able to reach the updated file of users.

If i could i would delete this post.

also nice feature will be to see more details on the access denied error

View solution in original post

QFabian · ‎2020-10-18

hi, i think that 'audit' option on main menu of QMC is for all of that revisions.

QFabian

Vegar · ‎2020-10-18

There is probably something with the SA setup for that user, can you verify that other users can access the application?

Maybe the SA combination for that user is not a valid combination?

Vegar
Qlik Community MVP

gal_polak · ‎2020-10-19

Other users are able to access,

out of 34 users,

only 2 aren't able to access, cant understand why

Vegar · ‎2020-10-19

Please verify that all Section Access fieldnames and field values are stored in UPPER case and that the fields in the data model used by the section access are in UPPER case (name and values). If not then the SA can behave oddly.

If you have a colleague or second account to use for testing then try to replicate the Section Access given to the two users for that test account to see if it gets the same error.

If you do get the same error then there is something with the Section Access setup and you will need to investigate that.

If you are able to access with the test account using the same Section Access setup then the issue lies without of the Section Access setup. Check if user have a license, check if the user is accessing with the same user identity as set in the section access table, maybe this user have a second username in the system that she/he is using. From my experience mismatch in user name is quite common source of error.

Vegar
Qlik Community MVP

gal_polak · ‎2020-10-19

So the problem was fixed, but the fix is weird:

1. I did as you said, and made sure all the columns are in caps,
i had two columns with ("") and removed them - this is one part of the fix.

2. the second part is that only if i load the users from the QVD that i'm preparing before to a table in the model it is working.

SE_TEST:
LOAD
    ACCESS as T_ACCESS,
    USERID as T_USERID, 
    ANCESTOR_ID as T_ANC_ID,
    CAMPAIGN_ID as T_CAMPAIGNID
FROM [lib://QVDDATA (win-ikhbn84dk0h_qlikview)\$(SubFolder)\$(FilePrefix)AllowedUsers.qvd](qvd)
WHERE 1=1;



Section Access;

LOAD
    ACCESS,
    USERID,
    ANCESTOR_ID,
    CAMPAIGN_ID
FROM [lib://QVDDATA (win-ikhbn84dk0h_qlikview)\$(SubFolder)\$(FilePrefix)AllowedUsers.qvd](qvd)
WHERE 1=1;

Vegar · ‎2020-10-19

Is all the content, such as the USERID, in the AllowedUsers.qvd file in UPPER case?

Vegar
Qlik Community MVP

gal_polak · ‎2020-10-19

no actually,

the cotenant him self is not in upper case, i will try to change it and update.

gal_polak · ‎2020-10-20

Just to clarify, you mean that ll the USERID values (all the users) need to be in UPPER CASE?

meaning that if i have a USERID: gal.polak

i need to change it to GAL.POLAK?

this can be little problematic due to the fact we are using OKTA SSO and the usernames are sent to the qlik from 😕

gal_polak · ‎2020-10-20

I'm so embarrassed 😓

but the issue was not in the Section access at all..
it was related to the machines.. one machine (the slave) was not able to reach the updated file of users.

If i could i would delete this post.

also nice feature will be to see more details on the access denied error

where can I find more information for "access denied" like what is the cause?

logs

Section Access