If we have a situation where we have have certain fields, for instance customer contact details, that we want to make sure only authorised users are able to access is there a simple way to do this?
From what I have understood of section access you can use OMIT to prevent specific users from viewing specific fields. But as we have multiple users, most of whom would not be permitted to view those fields it seems that can become a bit cumbersome. Is there any way to make it into a whitelist system such that no rows are hidden for any users, but e.g. phone numbers are hidden unless the user is listed as part of the outbound team?
It is assumed that the client application runs in an Ajax environment, some users have CAL access, other are named users, there are multiple fields to restrict and none is to be given access to the restricted fields unless explicitly stated.
How would one solve this problem in a way that is easy to maintain for developers and administrators alike?
Yes, to implement section access will need some effort but it is the only way with a single application. If you used however two or more slightly different applications and restricted the access on application-level you could implement such a white-list approach. But it meant more effort to maintenance and system-ressources.
I do use several applications, although most of them gets their data form a binary load so the access rights can be spread that way (as long as users are not allowed to download the applications that should not be a security issue right?)
I guess setting up OMIT groups as per Qlik Tips: Blocking user access to a field using OMIT would reduce the effort needed to prevent most of the users from seeing a handful of fields, but I assume that means there is no default user privilege and that all users must be assigned to a group or see nothing at all? I guess it's not that bad, only a little bit more job than I had hoped for