Thanks, but I want to have both conditions in one App. I want to protect my script and all sheets but I dont't want to require user/password from 'browser' user.
You should avoid case 2 by distributing a physical qvw to users if you need this kind of security because AFAIK each way to ensure an application like macros or section access could be bypassed by experienced users (with some time).
What Anand mentioned is exactly what you are looking for. The hidden script protected by a password does not affect in your users opening the document without being prompted for any credentials, it only prompts for password when the QVW is open locally using QlikView Desktop and Show Hidden Script is selected from the File menu in the script dialog.
Yes - but anyone can copy unhidden script (unless I copy it to hidden tab). The same is with application objects (tables, charts etc) - anyone can modify them.
Anyone with access to the physical file, correct, as it is supposed to work. To avoid this set the right NTFS permissions and only those developers with access will be able to locally open the file.
Otherwise, via web the file cannot be copied or modified, or the script edited, hidden or not. Of course, data is still there and a user could take screenshots.
You could use section access and adding all users unless yourself and some admin-users like your server-account user as USER in ACCESS. Then you could adjust various options within the document properties tab security and also setting adjusting some of the sheet- and object-properties (no moving, read only, ...) - but like already mentioned you shouldn't make the qvw itself available else just using only the access point.
.png "Miguel_Angel_Baeyens"){kind=avatar}
