Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello Folks, I am using Qlikvew 11.2 SR6 version & I identified a bug on Section Access. I am doing Data reduction & strict exclusion on my section table to add security layer. I observed, the USER who have the ADMIN access can able to access all the data if the his respective reduction field is not in Data model. Please find the below my sample script & qvw file. (Please login with A/a after download.)
SET ThousandSep=',';
SET DecimalSep='.';
SET MoneyThousandSep=',';
SET MoneyDecimalSep='.';
SET MoneyFormat='$#,##0.00;($#,##0.00)';
SET TimeFormat='h:mm:ss TT';
SET DateFormat='M/D/YYYY';
SET TimestampFormat='M/D/YYYY h:mm:ss[.fff] TT';
SET MonthNames='Jan;Feb;Mar;Apr;May;Jun;Jul;Aug;Sep;Oct;Nov;Dec';
SET DayNames='Mon;Tue;Wed;Thu;Fri;Sat;Sun';
Section Access;
LOAD * INLINE [
ACCESS, USERID, PASSWORD, STATE
ADMIN, A, a, NJ
USER, B, b, NY
USER, C, c, CA
]
Section Application;
SALES:
LOAD * INLINE [
ID, SALES, STATE
1, 100, NY
2, 300, CA
3, 105, PA
];
In the section table USER A have admin previllages and He can access NJ state daat only. But there is NJ value on the SALES table. But, If I login with USER A I can see all the data for A.
Is it a bug on SR6 or I need turn on any other check box other than ( Document Properties --> Opening --> Initial Data Reduction Based on Section Access & Strict Exclusion)
Any one facing similar issue ??
Same in QV11.20SR1 but are you sure this is bad behavior?
From the QV help document :
Strict Exclusion
If this check box is marked in combination with Initial Data Reduction Based on Section Access, strict exclusion will be used when reducing the data. This means that access to the document will be denied whenever the field values in the section access reduction fields lack matches in their corresponding section application field. This, however, does not apply for users with Admin status, who instead will see the unreduced data set if there are no matches. This setting is enabled by default in documents created with QlikView 7.02 and later and is recommended for maximum access security.