Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Section Access Data Reduction ( Bug or Problem)

Hello Folks, I am using Qlikvew 11.2 SR6 version & I identified a bug on Section Access. I am doing Data reduction & strict exclusion on my section table to add  security layer. I observed, the USER who have the ADMIN access can able to access all the data if the his respective reduction field is not in Data model. Please find the below my sample script &  qvw file. (Please login with A/a after download.)

SET ThousandSep=',';

SET DecimalSep='.';

SET MoneyThousandSep=',';

SET MoneyDecimalSep='.';

SET MoneyFormat='$#,##0.00;($#,##0.00)';

SET TimeFormat='h:mm:ss TT';

SET DateFormat='M/D/YYYY';

SET TimestampFormat='M/D/YYYY h:mm:ss[.fff] TT';

SET MonthNames='Jan;Feb;Mar;Apr;May;Jun;Jul;Aug;Sep;Oct;Nov;Dec';

SET DayNames='Mon;Tue;Wed;Thu;Fri;Sat;Sun';

Section Access;

LOAD * INLINE [

    ACCESS, USERID, PASSWORD, STATE

    ADMIN, A, a, NJ

    USER, B, b, NY

    USER, C, c, CA

]

Section Application;


SALES:

LOAD * INLINE [

ID, SALES, STATE

1, 100, NY

2, 300, CA

3, 105, PA

];

In the section table USER A have admin previllages and He can access NJ state daat only. But there is NJ value on the SALES table. But, If I login with USER A I can see all the data for A.

Is it a bug on SR6 or I need turn on any other check box other than ( Document Properties --> Opening --> Initial Data Reduction Based on Section Access & Strict Exclusion)

2 Replies
Not applicable
Author

Any one facing similar issue ??

giakoum
Partner - Master II
Partner - Master II

Same in QV11.20SR1 but are you sure this is bad behavior?

From the QV help document :

Strict Exclusion

If this check box is marked in combination with Initial Data Reduction Based on Section Access, strict exclusion will be used when reducing the data. This means that access to the document will be denied whenever the field values in the section access reduction fields lack matches in their corresponding section application field. This, however, does not apply for users with Admin status, who instead will see the unreduced data set if there are no matches. This setting is enabled by default in documents created with QlikView 7.02 and later and is recommended for maximum access security.