Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2012-01-30 12:31 PM

OMIT multiple fields

Hi,

I am successfully protecting a particular data field (PROTECTEDFIELD1) from unauthorised access by certain users, by using section access in my script:

SECTION Access;

LOAD ACCESS,

     NTNAME,

     OMIT

FROM

[My security spreadsheet.xlsx]

(ooxml, embedded labels, table is Sheet1);

In my spreadsheet I have the following table:

ACCESSNTNAMEOMIT
ADMINMYDOMAIN\GOD_USER
USERMYDOMAIN\LOWLY_EMPLOYEEPROTECTEDFIELD1


This works fine. When logged in as LOWLY_EMPLOYEE, I can't see PROTECTEDFIELD1.

My problem is: I can't figure out how to restrict access to more than one field. Is there a particular syntax? I have tried:

  • PROTECTEDFIELD1 PROTECTEDFIELD2
  • PROTECTEDFIELD1, PROTECTEDFIELD2
  • PROTECTEDFIELD1; PROTECTEDFIELD2

Any ideas?

Thanks

9,220 Views
0 Likes
1 Solution

Accepted Solutions
swuehl
MVP
MVP
‎2012-01-30 12:48 PM

Just duplicate the line with stating the other field value(s):

ACCESSNTNAMEOMIT
ADMINMYDOMAIN\GOD_USER
USERMYDOMAIN\LOWLY_EMPLOYEE

PROTECTEDFIELD1

USER

MYDOMAIN\LOWLY_EMPLOYEEPROTECTEDFIELD2

View solution in original post

6,071 Views
5 Replies
swuehl
MVP
MVP
‎2012-01-30 12:48 PM

Just duplicate the line with stating the other field value(s):

ACCESSNTNAMEOMIT
ADMINMYDOMAIN\GOD_USER
USERMYDOMAIN\LOWLY_EMPLOYEE

PROTECTEDFIELD1

USER

MYDOMAIN\LOWLY_EMPLOYEEPROTECTEDFIELD2
6,072 Views
Michael_Reese
Employee
Employee
‎2020-05-19 04:34 PM

You can also link to a second table so your user table can be 1:Many without duplication.

 

User table...

ACCESS,NTNAME,OMITGROUP

 

Table with just the OMIT fields...

OMITGROUP, OMIT

 

See an example here...

https://community.qlik.com/t5/Qlik-Sense-Documents-Videos/Example-Section-Access-w-Data-Reduction-an...

 

 

5,057 Views
carlcimino
Creator II
Creator II
‎2021-06-30 04:56 PM

In response to Michael_Reese

@Michael_Reese This is much more easily maintained than the response marked as the solution.  Thank you for providing the link.

4,146 Views
carlcimino
Creator II
Creator II
‎2021-07-01 11:35 AM

In response to Michael_Reese

@Michael_Reese  One thing I am having trouble with is when using the OmitGroup method and I don't have a value in that field (that user should have no fields ommitted) it gives me the access denied upon reload.  When OmitGroup is populated it works.  I've included screen shots and my script below.  Is there anything you see that I am doing incorrectly?  I followed your steps as closely as possible.

Omit Group Populated returns "Access Denied after reload..."

carlcimino_1-1625153061579.png

carlcimino_3-1625153172317.png

carlcimino_0-1625152946806.png

With it populated the runs sucessfully.

carlcimino_2-1625153117898.png

carlcimino_4-1625153472884.png

Here's my section access script.

ALL_MAINAREA:
Load dual(FieldValue('Main Area', RecNo()), FieldValue('Main Area', RecNo())) as ALL_MAINAREA
AutoGenerate FieldValueCount('Main Area');

DISTINCT_MAINAREA:
Load Distinct
Concat(distinct ALL_MAINAREA, ';') as DISTINCT_MAINAREA
resident ALL_MAINAREA;

drop table ALL_MAINAREA;

ALL_TEAM:
Load dual(FieldValue('Team', RecNo()), FieldValue('Team', RecNo())) as ALL_TEAM
AutoGenerate FieldValueCount('Team');

DISTINCT_TEAM:
Load Distinct
Concat(distinct ALL_TEAM, ';') as DISTINCT_TEAM
resident ALL_TEAM;

drop table ALL_TEAM;

ALL_SUBTEAM:
Load dual(FieldValue('Sub-Team', RecNo()), FieldValue('Sub-Team', RecNo())) as ALL_SUBTEAM
AutoGenerate FieldValueCount('Sub-Team');

DISTINCT_SUBTEAM:
Load Distinct
Concat(distinct ALL_SUBTEAM, ';') as DISTINCT_SUBTEAM
resident ALL_SUBTEAM;

drop table ALL_SUBTEAM;

SubField_Security:
Load *
where exists(DATA_KEY)
;
Load
ACCESS
, NTNAME as USERID
, OMITGROUP
, if("Main Area" = 'ALL',
trim(upper(subfield((peek('DISTINCT_MAINAREA', 0, 'DISTINCT_MAINAREA')),';'))),
trim(upper(subfield("Main Area",';'))))

&'-'&

if("Team" = 'ALL',
trim(upper(subfield((peek('DISTINCT_TEAM', 0, 'DISTINCT_TEAM')),';'))),
trim(upper(subfield("Team",';'))))

&'-'&

if("Sub-Team" = 'ALL',
trim(upper(subfield((peek('DISTINCT_SUBTEAM', 0, 'DISTINCT_SUBTEAM')),';'))),
trim(upper(subfield("Sub-Team",';')))) as DATA_KEY
FROM [lib://Global_Finance_BIFileshare/IPA_Proforma_Reporting/Includes/IPA_Pro_Forma_Reporting_Section_Access.xlsx]
(ooxml, embedded labels, table is Sheet1);

drop Tables DISTINCT_MAINAREA, DISTINCT_TEAM, DISTINCT_SUBTEAM;

Section Access;

AUTHORIZATION:

NoConcatenate

Load Distinct
ACCESS,
USERID,
DATA_KEY,
OMITGROUP
resident SubField_Security;

OMIT_FIELDS:
LOAD
OMITGROUPID,
OMITGROUP,
OMIT
FROM [lib://Global_Finance_BIFileshare/IPA_Proforma_Reporting/Includes/IPA_Pro_Forma_Reporting_Section_Access.xlsx]
(ooxml, embedded labels, table is [Omit Group]);

Section Application;

OMIT_SHOWHIDE:
load Distinct
OMITGROUP as OMITGROUP_APP,
OMITGROUPID
Resident OMIT_FIELDS;

 

 

 

4,121 Views
Michael_Reese
Employee
Employee
‎2022-08-04 12:38 AM

Hi @carlcimino .  Did you get it worked out?  If not, could you show the resulting tables?  I'll try to reproduce it.

You can turn off section access while still loading the security tables.  Make sure you are not reducing records out for those users.

Michael_Reese_0-1659587560472.png

ALL sees everything.  All offices.

Michael_Reese_1-1659587620773.png

 

2,990 Views
0 Likes