Difficulties with section access - Qlik Community

Report Inappropriate Content · ‎2015-04-14

Hello,

i try to set up a section access for a document for the first time and struggle with it

After some problems with upper case and similar things (seems as if not only fieldnames have to be upper case but field values for reduction too), it now partly works at least.

I still got some trouble with the admin user entry and hope some of you could give me an advice.

I use NTNames loaded from an xlsx file looking like:

ACCESS	NTUSER	BERECHTIGUNG
ADMIN	DOMAIN\user1	*
USER	DOMAIN\user2	Finanzen
USER	DOMAIN\user2	Logistik
USER	DOMAIN\user2	IT

The document with the section access script does not have a restriction setting in the document properties, but is loaded with binary load into another one - user1 also is the developement user

After binary load the final document has data reduction checked.

When opening the document on access point and User2 only sees his 3 departments regardless of "Strict Exclusion" checked or not.

But i user1 is not working there - if i check Strict Exclusion, the admin user gets an error telling he has no access at all but at least sees the document at the access point - if i uncheck it he has full access on all departements, not only the 3 which are granted by the * - wildcard if i understand the help correctly.

Other users dont see the document at all at access point, so i guess that user1 is at least recognised with his nt name.

On the other side, documentation says, ADMIN users should always see everything - or at least the 3 wildcarded departments

Can anyone explain what went wrong here or where i made some mistakes ?

Ooh and is there a way to hide complete sheets based on section access ?

morganaaron · ‎2015-04-14

When you say your field values are in uppercase, the example you've posted there they aren't - are you using an UPPER() command on the field? And is the field in your data also uppercase? If not, they won't match. What happens when strict exclusion isn't ticked is if it can't find an association for the user, it'll load everything. When ticked, if it can't find an association, it'll exclude them completely.

Sounds to me like it's not matching the field values. What format is the field in your section access and in your model?

Anonymous · ‎2015-04-14

ACCESS	NTUSER	BERECHTIGUNG
ADMIN	DOMAIN\user1
USER	DOMAIN\user2	Finanzen
USER	DOMAIN\user2	Logistik
USER	DOMAIN\user2	IT

dont use * just keep it blank. * some time dose not work.

Thanks

BKC

Anonymous · ‎2015-04-14

or use ,

Star is *;

section access;

Load * INLINE [USER, USERID,PASSWORD,FILEDNAME

ADMIN,ADMIN,ADMIN,*

USER,USER1,USER1,UK

USER,USER2,USER2,USA

];

section application;

Re: Re: Star is *

Thanks

BKC

Report Inappropriate Content · ‎2015-04-14

Thank you for your input.

yes, i put everything into upper cases to avoid mistakes because of sloppy excel entries. (although ntnames shouldnt matter)

Section Access;

LOAD

ACCESS,

UPPER(NTUSER) as NTNAME,

Upper(BERECHTIGUNG) as %BERECHTIGUNG

FROM

[..\0_ExcelFiles\Controlling\Finanzreporting\Config\Zugriffsverwaltung.xlsx]

(ooxml, embedded labels);

and for the reduction field i did the same.

it seems there is only a problem with the wildcard - user. The reduction works perfectly for user2, it just doesnt work with the asterisk.

I already tried User1 with "blank reduction". It was the same result as with asterisk, no access at all under strict exclusion at full access without.

I cannot see any difference for normal users with the strict exclusion - option.

So i guess the easiest solution for me would be to keep it unchecked as it doesnt seem to have influence at user type permissions and the admin should see every department nevertheless

/edit

ok found out whats "wrong"

Under Security the option "no restriction for admin" was not checked.

After checking this, User1 sees the 3 departments defined by asterisk.

So if i conclude

ADMIN + asterisk - reduction + strict exclusion + admin no restriction security = all allowed reduction values

ADMIN + asterisk - reduction + strict exclusion = no access to document

ADMIN + asterisk - reduction + without strict exclusion = full access to document

Weird enought but that seems to do the job now

manojkulkarni · ‎2015-04-14

HI Noster80

code provided by balkumarchandel‌ I have used same in my applications.

Star is *;

section access;

Load * INLINE [USER, USERID,PASSWORD,FILEDNAME

ADMIN,ADMIN,ADMIN,*

USER,USER1,USER1,UK

USER,USER2,USER2,USA

];

section application;

Pls could you post you sample app with just section access code, so we can have look at it.

morganaaron · ‎2015-04-14

Glad it's fixed - can I ask what version of Qlik you're using? I've not known of the "no restriction for admin" option before..!

manojkulkarni · ‎2015-04-14

i think he is talking about the option "Admin Override Security" in security tab of document properties

morganaaron · ‎2015-04-14

As far as I was aware, that was used to allow admins to undertake restricted tasks for users, such as accessing properties, reloading, editing script etc. and shouldn't have altered what they can/can't see in terms of data though. I may be wrong?!

Report Inappropriate Content · ‎2015-04-14

Makes sense - using german version and translating the names freely to Denglish

Its definitly the last option at the document security tab