Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
nsm1234567
Creator II
Creator II
‎2020-07-09 02:31 PM

Qliksense section access no longer working after upgrade to June 2020

Hi there,

I trust you are well.  I've just completed an upgrade to June 2020 which initially seemed successful, but I've now come across a fairly major issue regarding section access.

We currently binary load Qlikview apps into Sense and many of these Qlikview apps contain section access.  This process has been working for 2+ years, but after the upgrade I am 1) unable to binary load any Qlikview app containing section access and 2) unable to open an app where section access was inherited from the Qlikview app.

I'm at a bit of a loss on how to proceed?  We use a custom UDC and I'm wondering if that might be the issue?  Could there be a mismatch between the AD name from UDC and the name in section access?  We've been running the site for a long time and I've never come across something like this.  Our section access in the Qlikview apps is pretty standard.  I'm not actually sure what else to look at.

star is *;
section access;
// Load Customer users and passwords
Load //NT AUTHENTICATION
IF(LEFT([TYPE],1) = 'A','USER','ADMIN') AS ACCESS,
UPPER([USERID]) AS NTNAME,
'S-1-5-21-1250174617-994515119-2130403006' AS NTDOMAINSID,
'*' AS USERID,
'*' AS PASSWORD,
'*' AS SERIAL,
UPPER([USERID]) AS USRKEY,
if(UPPER(RESTRICT1) = 'ALL',null(),UPPER(RESTRICT1)) AS RESTRICT1,
if(UPPER(RESTRICT2) = 'ALL',null(),UPPER(RESTRICT2)) AS RESTRICT2,
if(UPPER(RESTRICT3) = 'ALL',null(),UPPER(RESTRICT3)) AS RESTRICT3,
if(UPPER(RESTRICT4) = 'ALL',null(),UPPER(RESTRICT4)) AS RESTRICT4,
if(UPPER(RESTRICT5) = 'ALL',null(),UPPER(RESTRICT5)) AS RESTRICT5
FROM [$(vSecurity_Path)] (biff, embedded labels, table is [$(vUserSheet)$]);
Load //QLIKVIEW AUTHENTICATION 4 MOBILE
IF(LEFT([TYPE],1) = 'A','USER','ADMIN') AS ACCESS,
'*' AS NTNAME,
'*' AS NTDOMAINSID,
UPPER([USERID]) AS USERID,
PASSWORD,
'*' AS SERIAL,
UPPER([USERID]) AS USRKEY,
if(UPPER(RESTRICT1) = 'ALL',null(),UPPER(RESTRICT1)) AS RESTRICT1,
if(UPPER(RESTRICT2) = 'ALL',null(),UPPER(RESTRICT2)) AS RESTRICT2,
if(UPPER(RESTRICT3) = 'ALL',null(),UPPER(RESTRICT3)) AS RESTRICT3,
if(UPPER(RESTRICT4) = 'ALL',null(),UPPER(RESTRICT4)) AS RESTRICT4,
if(UPPER(RESTRICT5) = 'ALL',null(),UPPER(RESTRICT5)) AS RESTRICT5
FROM [$(vSecurity_Path)] (biff, embedded labels, table is [$(vUserSheet)$])
WHERE UPPER(PASSWORD) <> 'N/A';

Labels (1)
Labels
1,281 Views
0 Likes
1 Solution

Accepted Solutions
nsm1234567
Creator II
Creator II
‎2021-02-03 05:48 AM
Author

In response to rzenere_avvale

The above section access worked in Sense until Nov 2019.  I investigated further, and found that from Feb 2020 this became an issue (confirmed with other customers as well).  There have also been additional changes to this in future releases which have broken compatibility between view and Sense.  What I've seen so far:

  1. From Feb 2020, Binary Loads of Qlikview apps with section access that uses the NTNAME but excludes the domain will fail.  So NTNAME must be in the form DOM\USR or Sense won't be able to binary load.  This also requires SA_SCHEDULER to be included as INTERNAL\SA_SCHEDULER
  2. From Nov 2020, Binary Loads of Qlikview apps with section access that contains the NTDOMAINSID will fail.  Only way around this was to remove the NTDOMAINSID from all of our Qlikview application's 

I'm not sure why Qlik is changing this functionality without documenting it.  I complained to our partner as this breaks interop with Qlikview as one way we've tried to transition users to Sense is to binary load data models from existing Qlikview applications.  The only feedback was that we'd need to remove section access before loading into Sense.

View solution in original post

982 Views
0 Likes
6 Replies
rzenere_avvale
Partner - Specialist II
Partner - Specialist II
‎2020-07-10 03:06 AM

Good morning @nsm1234567 ,

I'm a bit lost here. From which version did you upgrade Qlik Sense? And which QlikView version are you using?

As far as I can recall, NTNAME has not been officially supported on Qlik Sense at least since release 2.0
USERID clause exists on Qlik Sense, but has a different meaning than its counterpart on QlikView.


I can't try right now, but I would have expected that on any release from 2.0 the inherited Section Access from QlikView would not work as expected.

I hope this helps,
Riccardo

1,246 Views
0 Likes
nsm1234567
Creator II
Creator II
‎2020-07-10 05:26 AM
Author

In response to rzenere_avvale

Hi there,

We upgraded from Qliksense November 2019 and our Qlikview version is April 2019 (so we're really not far behind at all).  I've been administering Sense since 2016 and I've never come across issues with inherited section access.  How else are we supposed to handle binary loads of existing Qlikview apps that contain section access?

I rolled back our installation to November 2019 and have had no issues, so it's something in the later releases that is causing the problem.

1,239 Views
0 Likes
AdamBSnotused
Partner - Contributor III
Partner - Contributor III
‎2020-07-10 05:53 AM

In response to rzenere_avvale

Hi

I used to test this aspect on each release because it kept changing... some releases it allowed the section access to remain in the QVW - which was very useful with our Retail clients because they have 10GB+ Apps - so copying to make an App without section access in order to lift to QS was expensive.

You need to get to Qlik support on this.

Account ceded to Insight Consulting
1,231 Views
0 Likes
nsm1234567
Creator II
Creator II
‎2020-07-10 07:16 AM
Author

In response to AdamBSnotused

Hi Adam,

I'm trying to get in touch with our partner but haven't heard back yet.  Contacted another company running Qliksense Feb 2020 and they mentioned they had a similar issue that required them to add the domain to the NTNAME in their section access, so DOMAIN\USER and not just USER with a NTDOMAINSID.  Apparently that fixed the problem for them, so will test that out.  Changing all the section access in our Qlikview environment is a scary proposition, but seems that it's not possible to advance to Feb 2020 and later without that change. 

1,217 Views
AdamBSnotused
Partner - Contributor III
Partner - Contributor III
‎2020-07-10 07:44 AM

In response to nsm1234567

I did not know that... well I know it from my QV/QS security kit but now I need to see if I can find that test QV and see if I had the DOM\USER there or not.  Thanks for letting me know.

Account ceded to Insight Consulting
1,211 Views
0 Likes
nsm1234567
Creator II
Creator II
‎2021-02-03 05:48 AM
Author

In response to rzenere_avvale

The above section access worked in Sense until Nov 2019.  I investigated further, and found that from Feb 2020 this became an issue (confirmed with other customers as well).  There have also been additional changes to this in future releases which have broken compatibility between view and Sense.  What I've seen so far:

  1. From Feb 2020, Binary Loads of Qlikview apps with section access that uses the NTNAME but excludes the domain will fail.  So NTNAME must be in the form DOM\USR or Sense won't be able to binary load.  This also requires SA_SCHEDULER to be included as INTERNAL\SA_SCHEDULER
  2. From Nov 2020, Binary Loads of Qlikview apps with section access that contains the NTDOMAINSID will fail.  Only way around this was to remove the NTDOMAINSID from all of our Qlikview application's 

I'm not sure why Qlik is changing this functionality without documenting it.  I complained to our partner as this breaks interop with Qlikview as one way we've tried to transition users to Sense is to binary load data models from existing Qlikview applications.  The only feedback was that we'd need to remove section access before loading into Sense.

983 Views
0 Likes