Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
I have the following field within my data model : SA_REDUCTION
This field has the following values:
Depending on the User, I would like to reduce the document based on this field.
So, by using Excel to control SA, I have a worksheet containing :
ACCESS | NTNAME | SA_REDUCTION |
ADMIN | DOMAIN\USER.1 | East District |
My Hidden script is set out as follows:
SECTION Access;
LOAD UPPER(ACCESS) AS ACCESS,
UPPER(NTNAME) AS NTAME,
UPPER(%SA_TRUST_GROUP) AS SA_REDUCTION
FROM
(ooxml, embedded labels, table is [Section Access]);
I also have made sure I have "Initial Data Reduction based on Section Access" checked and "Strict Exclusion" checked.
When I refresh the document, the full data set still remains. Should I be accessing this through access point rather than the desktop?
Any Help appreciated,
Phil
Hi Phil,
Try this
SECTION Access;
LOAD UPPER(ACCESS) AS ACCESS,
UPPER(NTNAME) AS NTAME,
UPPER(SA_REDUCTION) AS SA_REDUCTION
FROM
(ooxml, embedded labels, table is [Section Access]);
Section access is applied by opening an application - if you reload the data the whole dataset will be available. This means you need to ensure that no user could reload the application (there are options within the document properties in tab security).
- Marcus
Hi Marcus,
Thanks for your reply.. When I reload, save and close the document. Data reduction is not happening when I next open the document (and no one else is reloading the application either)...
HI Mayank,
I have updates as your suggestion but still not reducing...
Yes, the data reduction happens by opening the application. That the application is reloaded during your opening doesn't mean that you get access on the whole dataset.
As far as this scenario happens in two or more desktop clients it doesn't matter in any way because these applications are completely independent from each other.
If the application is opened on the server (regardless with which client) it may differ. There are various options within the document properties (beside the security options) in the tabs server and refresh/update (I don't know exactly how it's originally named) and also in the qmc like "Allow only one copy of document in memory" which might impact the behaviour.
I never tested all these options because my default settings worked from the beginning like it should - means I have only one copy of the document in the memory in qmc), the client enforced a refresh (in tab server) and no refresh (in tab refresh) and if I open and save the application with or without a reload leads not to a change within the access on the available dataset. This means as fas as the user couldn't trigger a reload within its opened application no access-violation could happens.
- Marcus
Keep in mind that any user that opens a document with Role=ADMIN in QlikView Desktop, will be treated as a developer and will always have access to everything. This is a special case of overriding Section Access security. Section Access will work just fine even in QV Desktop if you assign Role=USER to yourself.
Otherwise I guess a lot of angry developers who locked themselves out of their own documents "by accident" (of course) would start banging the Qlik frontdoor... 🙂
Even ADMINs should see reduced data when using Desktop if they have values that match existing ones in the data model. However, they will be able to reload and therefore to see all data.
But any ADMIN user, with a value other than "*" (when applicable) or blank or an excluded value in the reduction field(s), will see only his associated data.
However, the field in section access and data model must have the same names and values, meaning the field SA_REDUCTION must exist out of section access and its values must be uppercase in that other table.
According to your example, it seems that the Uppercase() only happens in the section access table, and not in the data model. Therefore there are no associated values for that ADMIN user, therefore when opening with QlikView Desktop, that ADMIN will see all values loaded.
Consider the following script:
SECTION ACCESS;
LOAD * INLINE [
ACCESS, NTNAME, SA_REDUCTION
ADMIN, DOMAIN\MABAEYENS, XXX
];
SECTION APPLICATION;
Data:
LOAD * INLINE [
SA_REDUCTION, COUNTRY
EAST, RUSSIA
SOUTH, SOUTH AFRICA
NORTH, SWEDEN
WEST, SPAIN
];
In this case, if the user accessing is using the account DOMAIN\MABAEYENS, all data will be visible, all 4 countries. However, if instead of XXX the values is, for example, WEST, when opening, the same account will be reduced to see WEST - SPAIN only.
I was just pointing out something like:
(QVW Document + Section Access + Access=Admin) in QV Desktop = No security whatsoever.