Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2013-10-04 12:32 PM

Strict Exclusion issue in Access Point

Hi Folk,s

There seems to be an issue with Strict Exclusion option in QlikView Access Point.

I've used two reduction fields in Section Access. Data is getting reduced as desired in the desktop version.

However when opened in Access Point, it is throwing 'Access Denied to this document'.

I tried deleting shared and meta files as well, but in vain.
Now question is if I disable Strict Exclusion and if the reduction field data is not available, then the user will be able to see all the data.

Pls let me know if you have any ideas to overcome this issue.

Thanks,

Surendra

5,390 Views
22 Replies
agigliotti
Partner - Champion
Partner - Champion
‎2014-01-30 06:47 AM

Hi Surendra,

I'm using version 11.20 SR4 and I have the same issue.

Did you solve it ?

Regards

Andrea

1,208 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2014-01-30 07:05 AM

In response to agigliotti

I can't because if a user have a data value in section access that doesn't match any value in data table he can see ALL data rather than NO DATA and this is the PROBLEM.

That's why I need the strict exclusion option enabled but in this way I can't open the document even for users that should be able to see it.

I didn't use "STAR is" but EMPTY string in section access for those fields for which I have to see all values (NULL included).

How do "STRICT EXCLUSION" really works ?

Regards

Andrea

1,208 Views
0 Likes
IAMDV
Luminary Alumni
Luminary Alumni
‎2014-01-30 07:36 AM

In response to agigliotti

Hi,

It works from Desktop client because you have ADMIN access. What kind of SA are you implementing? There must be conflicting access between two fields and it's normal behaviour for SA to deny access when you're using Strict Exclusion option. There is great risk if you don't use Strict Exclusion.

Please provide sample application to assist you.

Cheers,

DV

1,208 Views
0 Likes
IAMDV
Luminary Alumni
Luminary Alumni
‎2014-01-30 07:41 AM

In response to agigliotti

Please DON'T uncheck the "Strict Exclusion" option to resolve this issue. If you do it then users will see ALL the data and this might be security breach!

Please see the below thread where I've posted an example on how to implement SA with Strict Exclusion.

http://community.qlik.com/message/247356#247356

Cheers,

DV

www.QlikShare.com

1,208 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2014-01-30 09:11 AM

In response to IAMDV

below the section access table from QVD file:

SA_01.png

Section Application;

STAR is "#";

[SA BRAND]:

LOAD Distinct [SA BRAND], if([SA BRAND] = '', '#', [SA BRAND]) as [Brand prodotto] Resident [TAB UTENTI];// Where Len(Trim([SA BRAND]))>0;

[SA AGENTE]:

LOAD Distinct [SA AGENTE], if([SA AGENTE] = '', '#', [SA AGENTE]) as [%Codice agente] Resident [TAB UTENTI];// Where Len(Trim([SA AGENTE]))>0;

[SA AM]:

LOAD Distinct [SA AM], if([SA AM] = '', '#', [SA AM]) as [%Codice Area Manager] Resident [TAB UTENTI];// Where Len(Trim([SA AM]))>0;

[SA CLIENTE]:

LOAD Distinct [SA CLIENTE], if([SA CLIENTE] = '', '#', [SA CLIENTE]) as [Codice cliente] Resident [TAB UTENTI];// Where Len(Trim([SA CLIENTE]))>0;

[SA PC]:

LOAD Distinct [SA PC], if([SA PC] = '', '#', [SA PC]) as [%Codice Profit center] Resident [TAB UTENTI];// Where Len(Trim([SA PC]))>0;

[SA TIPOUSER]:

LOAD Distinct TIPOUSER Resident [TAB UTENTI];// Where Len(Trim(TIPOUSER))>0;

in ACCESS POINT the user above can't open the document if the STRICT EXCLUSION is checked

All values listed in reduction fields of section access matches with the section application data values.

I don't understand why I got the below request for user/password:

SA_02.png

Can you help me?

Thanks

Andrea

1,208 Views
0 Likes
Not applicable
‎2014-01-30 09:47 AM
Author

In response to agigliotti

Hi Andrea, You already have NTNAME, why are you included the USERID , PASSWORD , NTDOMAINSID with *.

The user must be Authenticated with NTNAME to the access point. So you dont need these another values.

I always suggest, please keep only one ReductionField with composite key and this one recommended.

Please go through the below post for more details:

http://community.qlik.com/blogs/qlikviewdesignblog/2012/10/02/complex-authorization

1,208 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2014-01-30 10:01 AM

In response to

in the section access I also have one admin account (USERID=ADMIN and password=ADMIN) that's why you see this fields.

Did you understand why the user can't open the document ?

1,208 Views
0 Likes
Not applicable
‎2014-01-30 10:08 AM
Author

In response to agigliotti

May be USERID and PASSWORD fields are exist in Section Table

Try with * as username & Password

1,208 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2014-01-30 10:13 AM

In response to

No USERID and PASSWORD doesn't exists in section application.

I didn't undertand the * where I should use it.

1,208 Views
0 Likes