Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Good day,
We're experimenting with Section Access.
I've encoutered some issues for which i'm not certain if i made a mistake or it's simply how QV works:
- Applying a non-existing filter on a field
For example:
3 users, each with section access on region
[NTNAME, REGION
userID1, ASIA
userID2, ASI
userID3, AS
]
If region AS doesn't exist any more, userID3 will be able to see both region ASIA an ASI
Will result in no filter at all for this userID3 (if no other filter is applied for the same use).
Is there a fix for this? If the filter doesn't exist, the used should not be able to see anything.
- Applying no filter for user
Will result in user being able to see all regions
The goal is to prevent users not mentioned in section access to open/use the document.
Is there a solution to prevent this?
- Applying a blank filter for user
[NTNAME, REGION
userID1, ASIA
userID2,
userID3, AS
]
Will result in userID2 being able to see all regions.
(* signifies 'all listed values' in section access instead of 'all possible values' as in regular expr.)
Say there are 2 fields Region & Country
Some users should have auth based on region, other on country.
I found an old post how to handle this.
Is there a more straightforward setup possible in QV11 ?
Thanks in advance,
karel
Your right. I didn't define access for any users. Once i created 1 admin these problems are solved. Users not defined in section access or without proper filters get 'Access Denied' when trying to open the document.
Solution:
[ACCESS,NTNAME, REGION
ADMIN,userID1, ASIA
USER,userID2,
USER,userID3, AS
]
userID2 and undefined userID4 now are not able to open the document
Thanks,
You need to check the "Strict Exclusion" under Document Properties - Opening. Then the problems around no filter or blank filter be solve itself.
Further, if you want complex filters, you need to use Generic keys. See more on http://community.qlik.com/blogs/qlikviewdesignblog/2012/10/02/complex-authorization
HIC
Hi Henric,
This setting is already enabled inside the document. Does it work for non-published files?
It does not seem to have any impact on the 'unknown user / no filter, blank filter, wrong filter' issues; enabled or disabled.
I read your post about generic keys, great stuff! I'll implement this solution.
If you want i can mail my QV file, or create an example.
Br,
karel
ps: We're woring with QV 11.20.11643.0 IR.
It could also be that the user for which you are testing has ACCESS='ADMIN'. There are some cases when the reduction isn't made for administrators.
HIC
Your right. I didn't define access for any users. Once i created 1 admin these problems are solved. Users not defined in section access or without proper filters get 'Access Denied' when trying to open the document.
Solution:
[ACCESS,NTNAME, REGION
ADMIN,userID1, ASIA
USER,userID2,
USER,userID3, AS
]
userID2 and undefined userID4 now are not able to open the document
Thanks,