Skip to main content
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!
cancel
Showing results for 
Search instead for 
Did you mean: 
Alex
Contributor II
Contributor II

section access - * values

Hi all,

The idea is to have two different User-Level Access values (ACCESS_A and FULL ACCESS). People with ACCESS_A will have access to one ore more ACCOUNTS while those with FULL ACCESS will be able to see all accounts.

As an admin, I'm trying with qlikview desktop in my local pc and it works perfectly. If I have full access, I can see all data but If I change to ACCESS_A I only see some specific accounts.
The problem comes when I publish the document to INTEGRATION where it works with ACCESS_A but for full access raises the following error: "Access denied. You're not able to open the document 19"

My config and code below:

settings > document properties > opening > initial data reduction based on section access and strict exclusion (both checked)

SECURITY:
LOAD * INLINE [
ACCCESS,NTNAME,User-Level Access,Account_Key
USER,AUTH\USER_1,ACCESS_A,ACCOUNT_A
USER,AUTH\USER_2,*,*
USER,AUTH\USER_3,ACCESS_A,ACCOUNT_B
];

Concatenate
LOAD * INLINE [
ACCCESS,NTNAME,User-Level Access,Account_Key
ADMIN,AUTH\SERVICE_ACCOUNT_INTEGRATION,*,*
ADMIN,AUTH\SERVICE_ACCOUNT_PRODUCTION,*,*
ADMIN,AUTH\ADMIN,*,*
];

//Section Access
section access;

LOAD *
RESIDENT SECURITY;

section Application;

Any idea?

Thanks for your support!

12 Replies
Alex
Contributor II
Contributor II
Author

Hi Albert,

Still doesnt' work with blank space.

If I set my user with access = "USER" instead of "ADMIN" and ACCOUNT_KEY = "*" instead of some specific accounts, I can't access to Qlikview (access denied). Find attached the security.qvd format.

Btw, USER-LEVEL ACCESS is just to hide/show some buttons in the main pane.


The section access code:

section access;

LOAD ACCESS,
NTNAME,
ACCOUNT_KEY
FROM
[..\..\Data\Delivery_Hours_Dashboard\Security.qvd]
(qvd);

section Application;

OLEDB CONNECT TO XXX;

SQL SELECT distinct R.regionalID as ACCOUNT_KEY,
R.regionalName as 'Account Name'
FROM Regional R;
albert_guito
Creator II
Creator II

Ummm ... you have to be carefull with the order of reloads when uses seccion access.

You allways have to do it within an ADMIN user without reductions.

Did you run the sample I attached?

Albert

Ag+
Alex
Contributor II
Contributor II
Author

After doing some changes it works in local as expected.

However, once I move to the Content development environment and the server runs the .qvw I can't open it from the access point (failed to open, again).

The point is that if I download the reloaded .qvw to my desktop, I'm able to open it and the security is applied as expected.

I only add one line in the security.qvd with my AUTH NTNAME and USER = "ADMIN". I have also added the service accounts for both servers.

What's the problem in the server then?