This document show how Data Level Security is implemented in Qliksense.
As per best practice before implementing section access create a backup or duplicate of the app prior to adding any section access statements to the load editor.
Section Access only works on Qlik Sense Server. An app with a valid section access table in the load editor must be on the server and reloaded on the server for the security to take effect. To test different user’s access, you must publish the app to a stream so that you can test logging in as different users to see the effect. Without publishing the app is stuck in the 'my work' of one user and not accessible by other users.
Always load the Section Access table before the rest of the data model.
The Section Access table requires an ACCESS field and a USERID or GROUP field. Under USERID, you will use the userid that the Qlik Sense hub uses to track all users. For default security, it’s likely to be in a DOMAIN\USERID format. I suggest entering the USERID or GROUP reference in all caps as you see below.
If you want any user to see all values in Product name then need to pass '*' for a field value entry in the section access table
Under Section access table the field names should be capitalized as should the data values in those field(s). You don't need to alter your source data, just alias the field name in the section access table to provide a capitalized field name and use the upper() function to put the values in all caps as well.
Security_Tmp: LOAD USERID, ACCESS, “Product name” FROM [$(vLOADSOURCEFILES_PATH) User Access Mapping Table.xlsx] (ooxml, embedded labels, table is [User Access Mapping]);
Section Access; Load Upper(USERID) as USERID, Upper(ACCESS) as ACCESS, Upper ("Product name") as PRODUCTNAME Resident Security_Tmp;
Drop Table Security_Tmp;
In the rest of your data model you must also have the same all caps field names and data values. The way it works is that when a userid logs in, it will act as if the whole app was filtered based on the records with the field values (or combination of field values if you have multiple fields) referenced in the section access table for that USERID. The associative indexing is intact for this action so that all linked tables will likely be filtered based on those same field values.
Section Application; LOAD Upper (“Product name”) as PRODUCTNAME, Sales FROM [$(vSTOREQVD_PATH) ProductData.QVD] (qvd);