My section access pass all test phases both on the local machine itself and the UAT test environment. However when I upload it to the "live" production access point. It does not restrict anything. could someone look at the simplify sample I've created and let me know where I've gone wrong please. thank you.
sample is as my original....
screen shots and code if you dont want to download:
Section access mustn't be sorted in any way - each entry will be considered and any prohibition will overwrite all permissions.
If I use section access I apply it quite near the script-start (it's always outsourced in include-variables but they will need other includes for connections/paths/formatting and so on) and doing everything within this part - but in general it could be placed wherever possible and also divided within multiple section access/application areas.
I'm not sure if the domain could be always skipped - especially within a multi-domain environment which may also require certain trust-settings between them and/or by mixing multiple types of authentications like NT and/or custom users and/or per certificates and/or whatever. But ideally there are no differences between the environments - neither by the OS/QlikView releases nor by the various environment/network/security/authentication settings. Looking within the QMC if you could assign the users to a CAL or other permissions may give valuable hints.
Beside the above I think you need at least two accounts for testing the section access. This might be your personal account and service-user account.
At first make sure that you have enough BACKUP's of your application without any section access. After this you should enable the option of "strict exclusion" because only this option guarantees that not authorized users don't see confidential data - otherwise it should be more regarded as a kind of usability and not of access control.
Further your section access creates a circular loop. I could imagine that this and/or various synthetic keys may not mandatory bother by a section access but personally I regard them as failure and suggest to resolve them - especially if any unexpected happens.
Before looking for any mistakes within the section access should be a data-check if the section access table and their corresponding section application data are loaded properly. Means to comment the section access; statement to get access to the table within the table-viewer and the UI and then using a table-box + various list-boxes to look on the relevant data and if they are associated as expected. I'm not sure if this will really work in your case because there is this circular loop - with measures it will always fail but by pure associations I'm not sure ...
Yes that what I am trying to say. it works even with the circular referencing. I've tested it as an actual table iteself and with the section access implemented. Only when it is in QMC users are not being restricted.
some things I've been told but am not sure if its true or if there are unique situations.
1. Section Access; must be sorted by the "access" field
2. SECTION Application; should be the last line of script. nothing other then dropping the temp access table should come after this
3. There is actually no need to put the domain infront of NTNAME.
I'm unable to test them out individually or see what occurs due to the company's cyber security protocol and can only view the end result of what I push in via git.
Section access mustn't be sorted in any way - each entry will be considered and any prohibition will overwrite all permissions.
If I use section access I apply it quite near the script-start (it's always outsourced in include-variables but they will need other includes for connections/paths/formatting and so on) and doing everything within this part - but in general it could be placed wherever possible and also divided within multiple section access/application areas.
I'm not sure if the domain could be always skipped - especially within a multi-domain environment which may also require certain trust-settings between them and/or by mixing multiple types of authentications like NT and/or custom users and/or per certificates and/or whatever. But ideally there are no differences between the environments - neither by the OS/QlikView releases nor by the various environment/network/security/authentication settings. Looking within the QMC if you could assign the users to a CAL or other permissions may give valuable hints.
Beside the above I think you need at least two accounts for testing the section access. This might be your personal account and service-user account.