Solved: Section Access and Distribution task users denied ... - Qlik Community

chriscammers · ‎2014-09-02

I have a document with Section access implemented.

Version 11.20.12235.0

In section access I have an NT user and data reduction works fine in the desktop version. When the user opens the document the rows are reduced appropriately.

I then set up a distribution task which distributes the file to the user directory and the same NTuser as a named user in the task.

When the user attempts to open the document in access point he is denied access, my administrator users are also denied access in access point.

The user account running the distribution service is also listed in section access as an admin. Is there a special configuration for the service account user that I have to do? It seems like the security is being applied when the Distribution service opens the document and then it loses track of the security for the rest of the users.

Thanks for your help

Chris

chriscammers · ‎2014-09-02

Ok Guys, I don't understand it but I have it fixed.

I unchecked the "Strict Exclusion" check box on the "opening" tab of the document properties.

This solved my issue with the distributed document not being accessible to the designated user.

I've read a few things about this setting and it seems to have some undocumented effects on security.

Could anybody provide some explanation about the strict exclusion setting??

Thanks

Chris

View solution in original post

p_verkooijen · ‎2014-09-02

Hi Chris,

You mention when the user attempts to open the document in the AccessPoint.

What is the error when opening the document ?

Is this check marked or cleared ? If checked, Section Access should be working as configured.

chriscammers · ‎2014-09-02

The error is "Failed to open document, You don't have access to this document"

Yes, The "filter access point document List..." option is checked.

Like I said I only have the issue if I run it through a distribution task, right now the task distributes the document to the user by name, and if I open the source document through the file system everything works fine.

Giuseppe_Novello · ‎2014-09-02

Chris,

For any chance are you loading the USER field and the connection field outside the section access statement?

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

chriscammers · ‎2014-09-02

I'm not loading the user field at all, I'm using NTNAME.

I'm not sure what you mean by the connection field.

My section access tables are somewhat complex but things work properly when I don't try to distribute.

I have a user table

Then a user data group table

Then a user data table(this is the table connected to the original data model allowing me to reduce data by client)

Then I have a set of tables that control application elements

User application Group,

Application strings(provides the field used to show and hide tabs)

Column Reduction(Omits fields from the data model)

Thanks

Chris

chriscammers · ‎2014-09-02

Ok Guys, I don't understand it but I have it fixed.

I unchecked the "Strict Exclusion" check box on the "opening" tab of the document properties.

This solved my issue with the distributed document not being accessible to the designated user.

I've read a few things about this setting and it seems to have some undocumented effects on security.

Could anybody provide some explanation about the strict exclusion setting??

Thanks

Chris

Section Access and Distribution task users denied access