Qlik Community

QlikView Scripting

Discussion Board for collaboration on QlikView Scripting.

Announcements

Breathe easy -- you now have more time to plan your next steps with Qlik!
QlikView 11.2 Extended Support is now valid through December 31, 2020. Click here for more information.

Not applicable

LOOPHOLE IN SECTION ACCESS???

We have a major problem. We have SECTION ACCESS created based on a field named CLIENT_ID and are using Active Directory accounts, however a userid that has no data whatsoever is able to see ALL clients' data.

The application has "initial data reduction based on section access" checked but "strict exclusion" unchecked. (Checking strict exclusion seemed to make the security go haywire and was asking the user for a QV user name and password after they entered their AD user name / password). "Reduce data" on the Security tab is also checked.

SECTION ACCESS;
LOAD * INLINE [
ACCESS, NTNAME, CLIENT_ID, BILL_TO_NDCS
ADMIN, CRENT\SALLEN, *, *,
ADMIN, CRENT\QLIKUSER, *, *,
USER, "CRENT\SCE XXX Users", XXX, *

There is NO data whatsoever with CLIENT_ID XXX OR BILL_TO_NDCS beginning with XXX, hwoever, when we log into the application under a userid in the CRENT\SCE XXX Users group, we are seeing ALL DATA.

This is an urgent problem / bug. If a client has no data, they should not see anything. They should never see other data!?!?!?

1 Solution

Accepted Solutions
Not applicable

LOOPHOLE IN SECTION ACCESS???

I figured it out... I had no data at all that the section access was joining to. Since it can't join to a null, it was showing that client everything. I created a client ID table in the section application that has all client IDs (regardless of whether they have any data elsewhere) and it now works as I expected it. Weird loophole.

4 Replies
Not applicable

LOOPHOLE IN SECTION ACCESS???

When you set the field you are limited data on (user id) to * it is a wild card field and means they can see all data.

I'm useing section access in the same way and do not have this issue. Do not use * in any field unless you want that user to see all available data in the document.

Not applicable

LOOPHOLE IN SECTION ACCESS???

I figured it out... I had no data at all that the section access was joining to. Since it can't join to a null, it was showing that client everything. I created a client ID table in the section application that has all client IDs (regardless of whether they have any data elsewhere) and it now works as I expected it. Weird loophole.

Not applicable

LOOPHOLE IN SECTION ACCESS???

Hello, I comment to you that we create a document excel and it is there where we give the accesses for module, I attach an example, probably could be useful.

---------------------------------------------------------------------

Section Access;
LOAD
[ACCESS],
NTNAME
FROM (biff, embedded labels, table is [Modulo A$]);
Section Application;

----------------------------------------------------------------------------------------------

Format of file:

ACCESS NTNAME
Admin rsmigi\qlikview
User rsmigi\lwalton

Not applicable

LOOPHOLE IN SECTION ACCESS???

Thank you. I found out that the issue was the the key data file which my SECTION ACCESS field was joining to had no data for that client_id. I believe that since QV cannot join to a null, the SECTION ACCESS data did not link to anything, thereby allowing the user to see all data.

Nasty loophole IMHO.