I'm building an app that holds sensitive data. No one except the end users should be able to view that data. Not the ones having access to the qvd or qvw files. Not me as the developer either. Then the qv-admins cannot be blamed if there is a leakage.
So the source data will be encrypted with a key, stay encrypted within the qvd. Then I guess the data has to remain encrypted in the qvw (or should I use sectionaccess but then I will get access as the developer or?) and when the user opens the app there is an inputfield to put the key which should decrypt the data. I've seen examples with decrypt-macros. Am I approaching this correctly? Possible with an enterprise tool like Qlikview?
I think you cannot encrypt and decrypt data from QVD. You can restrict the access in Qlikview files with Section access. You can maintain two environments one for development and other for production, usually developers work on development environment and Qlikview administrator have access to Prod environment.
This way you can restrict, only Qlikview admin has full access to the files.
Any user who can get a copy of the QVD data can read it either through QV Personal Edition or via third party QVD tools. QVDs are not a secure way of holding data.
Section access can restrict which users can view the data when using QlikView, but the developers will need access to the data to be able to develop and test the application.
The folders & files where the QVD data is held must be secured using AD file permissions so that access is only granted to the QlikView service account and developers when required. The developer permissions can be removed , or the developer account disabled when development is not taking place
Off course it is possible, everything is possible. You add a macro with
your favourite encryption algorithm, you can call the macro either from
script or from gui. If you don't know the answer, do not say it is
I was just interesting in findings from people who have done this. Here is
Me as a developer do not need the true data to develop but can use testdata.
The qlikview administration can access the files so that is why the data
must be worthless to them, encrypted. Just like storage of passwords on any
The developer has access to the load scripts where the encryption or decryption takes place. One of your requirements is that the developer has no access to the unencrypted data. Same for admins, but system admins will have access to the documents that contain the unencrypted data that are deployed on the qlikview server.
No one except the end users should be able to view that data.
That requirement cannot be met with Qlikview to the best of my knowledge.
In all cases where encryption takes place the developers never have access
to the unencrypted data. Think of such a simple case as your password here
at qlik, no developer can read it out since you have the key to the
encryption. You can replace it but never retrieve it in clear text
In the scenario I think of the qlikview script fetches encrypted data which
only the end user knows the key to, stores the encrypted data in a qvd,
just as any data, then the qvw presents the encrypted data, just as any
data and the end-user can enter his key in an input variable and trig the
decrypt macro to get back the true data. I think that should be possible
and have to do a proof of concept
Cannot believe I'm the first one with that use case and Qlikview