Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
It looks like the session logs will show a user session even if he/she does not have section access to the qvw. In our case, we see the socket closed by the client in a minute or two when they can't get through but nothing to indicate access was denied. Can someone confirm? Thanks.
RD
Are you sure that your file-security and/or section access is working properly, for example the restricted mode from section access is enabled? Further I suggest you have a look in the audit-logging, maybe by using the governance dashboard: Governance Dashboard.
- Marcus
Thanks, Marcus. If you mean strict exclusion and initial data reduction based on section access, we are using both. And the user sessions I refer to are listed in the Governance Dashboard. To give a little background, the user has access to Doc A, but not Doc B through section access using NTNAME and one reducing field. The Governance Dash shows audit log activity only for Doc A for the user. The sessions logs , however, show entries for both Doc A and the unsuccessful attempts to access Doc B. The Doc B logs show 0 selections, Cal Type: NONE, Calls = 4 and the same number of small Bytes Sent for each attempt - things consistent with no activity in the qvw.
The section access seems to be working working properly, I just wasn't expecting to see a session for the unsuccessful doc attempts. BTW this is on v11.2 SR9.
Well I'll add a little more information in case anyone has some insights on this. Although the Governance Dashboard and the Usage Analyzer utility (from the Qlik community) both show session entries when the user is denied section access to a document, the session log file does not contain an entry for that session. The Governance Dashboard code is hidden, but the Usage Analyzer tool's is not, and it only reads the session logs. I guess these sessions are built in the interval matching process?