Skip to main content

QlikView App Dev

Discussion Board for collaboration related to QlikView App Development.

Announcements
Action-Packed Learning Awaits! QlikWorld 2023. April 17 - 20 in Las Vegas: REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

How to set up a user with all data access? (Data Reduction Based on Section Access is enabled)

Hi all,

I'll use an example to make the problem clear:


Section Access;

Star is *;

UserAccess:
LOAD * INLINE [
ACCESS, USERID, PASSWORD, DEPARTMENT
ADMIN, a1, a1,
USER, u1, u1, D1
USER, u2, u2, D2
USER, u3, u3, *
USER, u4, u4
];

Section Application;

Departments:
LOAD * INLINE [
DEPARTMENT
D1
D2
D3
D4
D5
];


The result is the following:

a1 has access to all departments,

u1 has access to department D1,

u2 has access to department D2,

u3 has access only to departments D1 and D2,

u4 doesn't have any access ("Access denied to this QlikView document").

So I can't set up a USER (not ADMIN) with access to all departments. As you can see I tryed both * and null in DEPARTMENT field. But it doesn't work. Is it bug or feature? Maybe it works different on server? I'm using QlikView 9 SR2.

1 Solution

Accepted Solutions
jsn
Employee
Employee

This is working as designed. If you have strict exclusion turned on and a reduction can't be made (as for a1, u4 and u5) the user will be denied access. If the Access level is ADMIN though, all data will be displayed. Here's an excerpt from the reference manual regarding Strict Exclusion:

This means that access to the document will be denied whenever the field values in
the section access reduction fields lack matches in their corresponding
section application field. This, however, does
not apply for users with Admin status, who instead will see
the unreduced data set if there are no matches.

Also, when accessing the document through client/server, all client connections will be considered USERs so even if you have ADMIN level access in the section access, the user will get USER level access when opening the document from QVS using any of the clients.

View solution in original post

4 Replies
Not applicable
Author

1) First,

can you try to add the following line
USER, u5, u5,
that is to say, the same line than the ADMIN one ? There is a difference (comma) between a1 and u4

2) What version of SR2 are you using ? Is it the 9.00.7320.7 ? If not, please download the SR2 again.
The first SR2 release had a bug about the DMS (security in the qvw) on a server. So maybe it's your problem.

Regards

Not applicable
Author

Bertrand, thank you for the answer.

1. I changed load script to the following:


UserAccess:
LOAD * INLINE [
ACCESS, USERID, PASSWORD, DEPARTMENT
ADMIN, a1, a1,
USER, u1, u1, D1
USER, u2, u2, D2
USER, u3, u3, *
USER, u4, u4,
USER, u5, u5
];


But neither u4 nor u5 doesn't have access to the file.

2. I've just downloaded build 9.00.7320.7. The problem remains the same.

jsn
Employee
Employee

This is working as designed. If you have strict exclusion turned on and a reduction can't be made (as for a1, u4 and u5) the user will be denied access. If the Access level is ADMIN though, all data will be displayed. Here's an excerpt from the reference manual regarding Strict Exclusion:

This means that access to the document will be denied whenever the field values in
the section access reduction fields lack matches in their corresponding
section application field. This, however, does
not apply for users with Admin status, who instead will see
the unreduced data set if there are no matches.

Also, when accessing the document through client/server, all client connections will be considered USERs so even if you have ADMIN level access in the section access, the user will get USER level access when opening the document from QVS using any of the clients.

Not applicable
Author

Thank you, Johannes.

So I have to choose between 2 evils)