Strict Exclusion issue in Access Point - Page 2 - Qlik Community

Report Inappropriate Content · ‎2013-10-04

Hi Folk,s

There seems to be an issue with Strict Exclusion option in QlikView Access Point.

I've used two reduction fields in Section Access. Data is getting reduced as desired in the desktop version.

However when opened in Access Point, it is throwing 'Access Denied to this document'.

I tried deleting shared and meta files as well, but in vain.
Now question is if I disable Strict Exclusion and if the reduction field data is not available, then the user will be able to see all the data.

Pls let me know if you have any ideas to overcome this issue.

Thanks,

Surendra

Carlos_Reyes · ‎2014-01-30

I think you're having troubles with null values and Strict Exclusion. Review this discussion.

Section Access question

agigliotti · ‎2014-01-30

for example the below USER is able to open the document even with STRICT EXCLUSION checked:

why are you talking about null values ?

Carlos_Reyes · ‎2014-01-30

That's strange... In my experience you cannot use null values in the Section Access table for the fields that will be used as filters...

Is that user able to open the document from the AccessPoint? If you use null values there won't be a problem in the Desktop, but you will have problems in the AccessPoint.

agigliotti · ‎2014-01-30

yes the user QLIKADMIN can open the document either with desktop and access point.

what value I should use instead of '' in the section access ?

Report Inappropriate Content · ‎2014-01-30

If the user have null values in the section table, he can't open the application with strict exclusion unless the the reduction field having null value in the data model and this null value connected to other fields data.

Report Inappropriate Content · ‎2014-01-30

You should use unique word and use the same in the reduction field.

Ex: ALL

agigliotti · ‎2014-01-30

as I wrote before, below the script:

SECTION APPLICATION;

STAR is "#";

[SA BRAND]:

LOAD Distinct [SA BRAND], if([SA BRAND] = '', '#', [SA BRAND]) as [Brand prodotto] Resident [TAB UTENTI];

[SA AGENTE]:

LOAD Distinct [SA AGENTE], if([SA AGENTE] = '', '#', [SA AGENTE]) as [%Codice agente] Resident [TAB UTENTI];

[SA AM]:

LOAD Distinct [SA AM], if([SA AM] = '', '#', [SA AM]) as [%Codice Area Manager] Resident [TAB UTENTI];

[SA CLIENTE]:

LOAD Distinct [SA CLIENTE], if([SA CLIENTE] = '', '#', [SA CLIENTE]) as [Codice cliente] Resident [TAB UTENTI];

[SA PC]:

LOAD Distinct [SA PC], if([SA PC] = '', '#', [SA PC]) as [%Codice Profit center] Resident [TAB UTENTI];

[SA TIPOUSER]:

LOAD Distinct TIPOUSER Resident [TAB UTENTI];

Where [TAB UTENTI] is the section access table name.

As you can see in the data model I have the null value for each reduction field.

the question is why the user QLIKADMIN is able to open the document and the user GOMEI can't ?

Carlos_Reyes · ‎2014-01-30

You have to use the values per se... and create all possible combinations that each user is allowed to see... that means equal amount of records.

For instance.. if the ADMIN can see all, and all means 150 different combinations between all your filter fields values... then ADMIN must have 150 records... one for each combination and so for the rest of the users.

I think the next document from HC will be useful so that you can automate as much as possible the process to create all those records.

http://community.qlik.com/blogs/qlikviewdesignblog/2012/10/02/complex-authorization

agigliotti · ‎2014-01-30

I just tried to use ALL instead of null value in section access but no luck.

I can still open the document in AccessPoint only with QLIKADMIN user with STRICT EXCLUSION.

Without STRICT EXCLUSION option I can open the document with all users but no reduction data is taking in place.

What's going on ???

Report Inappropriate Content · ‎2014-01-30

Hi Andrea, QLIKADMIN is a have ADMIN access.

Please try without START is statement and add all possible combination to Reductionfield like Henric suggested in the below post:

http://community.qlik.com/blogs/qlikviewdesignblog/2012/10/02/complex-authorization