I wish to set up access to individuals to see thier own data, but to admins to see all data. I attempted to do this with section access, with users having access to individual records, but the admin having null (eg. all data).
However, on loading the users saw the right data, but the admin only saw records where the data was blank. I tried replacing blank data with 'ANY', but the admin user could not log in (as they could then see no records). Using a * symbol gave the admin access to everything the users had, but not to anything outside of that.
I'm guessing the problem is down to leaving the value out on the inline load of section access is the same as empty string, not null?
SecurityNames: LOAD * INLINE [ SecurityNames JOHN JANE ];
[...]
ExchangeLog: LOAD *, if(exists(SecurityNames,upper(RecipientName)), upper(RecipientName), 'ANY') as MAPNAMETO, [...]; SQL SELECT * FROM dbo.tbl_ExchangeAgentLog; [...] DROP TABLE SecurityNames;
So basically I have a dummy user in the security, which maps to ANY, a temporary table with allowed names in, and anything that isn't an allowed name being mapped to ANY - that then means that the * on the admin account will map to any record.
This obviously isn't very robust though, as if an entry gets added to the SecurityNames table, without a corresponding Section Access entry those rows will not be shown to the administrator.
There has to be a neater way than my work around! Any suggestions gratefuly received.
When opening the document via server all clients will be considered User even if Admin is specified under Access in the section access table.
This means that when strict exclusion is checked the admin without a proper reduction value can see all the data when opening the document locally but not when it's opened via server since the admin only gets User access level as well. Since no proper reduction can be made for the admin, Strict Exclusion will deny him/her access.
That is it. Unticking the 'Strict Exclusion' flag causes the document to work fine in server, with all user accounts.
However, this still seems slightly flawed to me, as Strict Exclusion locks out users that do not have access to any data, but the Admin user has rights to all of the data - and this is proven by logging in with Strict Exclusion off.
The original query would have been about QlikView Server 8.5 - which I doubt you are using now!
The thread split in two - but the response that Johannes gave to my original query was (and still is at QV10) completely correct. When opening a document via the Server the distinction between User and Admin is not there. So, for a user to see all rows - even if they are not referenced in a nother Section Access row - requires that Strict Exclusion is turned off.
If you turn off Strict Exclusion you need to be very careful of Null values appearing in your Section Access tables by mistake.
