I was recently tasked to create an app where the section access is not based on a location or some other field but rather have it based on the individual using the app and if they made any changes to an existing company intranet site schedule form. The change that would be the trigger for access was if the person was listed as the approver and has approved days off on an existing vacation schedule page. After searching through section access options and realizing it would be a headache to grant everyone access, I created a simple solution. The app has two tabs, Approver and Personal. The tabs will show what you approved (if applicable) and your own personal schedule which includes days taken and days left. I created a straight table with all applicable information for each tab then locked down the chart using the Calculation Condition on the General tab of the Chart Properties. The condition I used was GetSelectedCount(“FIELDFORNT”)>0 . The FIELDFORNT field was either the Approver NT or the User NT based on the tab. I then created a Button and named it “User Access”. I went into the Button properties and selected the “Actions” tab. I chose the action “Select in Field” and for the field, I chose the field for the Approver NT or User NT (based on the tab I was using). In the Search String, I entered =trim(right(osuser(),len(osuser())-12). For my company, there are 12 characters after the NT name which is the e-mail (@^^^^^.com). The Search String matched the NT name with the OSUSER which enters the proper value in the field and grants access to view the table. I also removed the “Current Selections” box so the user can't choose the select all option in AccessPoint in order to view what they do not have access to view. I hope other users can use this simple trick to grant access to authorized data.
So if there is no "real" section access, if the user opens the data model, or adds a new field, or displays the table viewer, they would eventually be able to see unauthorized data. How did you deal with that?
So the Ajax menu is disabled for the app, then? They could drag and drop a new field, or create a new sheet, or use the current selections box from the menu, not from the QlikView object in the app. Or open the app using the QlikView Desktop if they have it installed or downloaded from the Qlik website.
I want to make sure this is a generally viable solution without the proper security setup, which is first file system security and second section access.
I have this app locked down to where no menu is available. The only people with access to the actual QV app are developers only and these apps are on their own private server where developers have to remote into. It is locked down very well