Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
richardpayne
Creator
Creator
‎2017-06-06 11:47 AM

QVW Metadata - Entries missing from Lineageinfo

I am reading all QVWs in our production environment as XML and doing a simple where-used on the QVDs which contain our section access field security definitions. In all cases, the security QVD is loaded in the hidden script.

Some QVWs do not show the security QVDs in the LineageInfo table. I can't seem to see why. Is there a setting I need to check on the QVWs? Between those that show the QVD in the XML and those that do not, the hidden scripts and document security properties seem to be consistent.

1,549 Views
0 Likes
14 Replies
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2017-06-08 09:52 AM

In response to richardpayne

There tends to be this automatic assumption to put SA script in the hidden, but I no longer follow this practice unless there is a specific reason.  I think it's left over from the days when we may have put actual passwords in SA.  These days, almost everyone uses the NTUSER with no password. Hidden script is a pain and I avoid it.  I also don't think hidden script for SA adds meaningful to the security of the app.

Consider this story.  BI Manager Sally supervises Junior QV Dev Frank.  Under the security policy of the company, Sally is the only person  who can update the SA tables. So Sally has write access to the SA source, whether that's a SQL table or a QVD.

Frank reloads qvws when doing desktop development.  So Frank needs read access to the SA source.  Meaning he could always read the source table if he wanted to.  The only security hidden script provides is that it makes it harder for Frank to figure out the name of the SA source.  If we need to keep Frank that isolated (not a bad thing) then Frank's development should probably use Development versions of the SA tables.

My two cents.

-Rob

http://masterssummit.com

http://qlikviewcookbook.com

563 Views
richardpayne
Creator
Creator
‎2017-06-08 02:33 PM
Author

In response to rwunderlich

I'll bring these points to the table. Thank you for your time.

563 Views
0 Likes
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2017-06-08 07:39 PM

In response to richardpayne

BTW, loved the

563 Views
richardpayne
Creator
Creator
‎2017-06-16 04:35 PM
Author

In response to rwunderlich

In my tests, moving the section access out of the hidden script and just sticking it at the end of the script works fine. I can now see the QVD in the document's lineageinfo.

To make this whole vision come together, I would love to be able to tell what fields are used from the section access qvd. It doesn't look like it shows these fields being sourced from the section access qvd, but from the data sources. The section access qvd does not appear in the TableDescription or SrcTables metadata entries.

Have I hit a wall here? What I've done so far is valuable, but we use section access over a number of documents, but they don't all use the same fields. Some are less detailed. Our environment is large enough that users are always asking me who has access to what and how documents are restricted. Having the information of what fields are secured allows me to answer every question.

563 Views
0 Likes
rwunderlich
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2017-06-22 01:50 PM

In response to richardpayne

As far as I know, Section Access tables by design does not produce metadata for security reasons.

-Rob

http://masterssummit.com

http://qlikviewcookbook.com

563 Views
0 Likes