We are attempting to hide salary lines for some users and ran into a problem. When we added the appropriate lines to the Section Access (see "Changed Section"), Salary was hidden from everyone, including those with QVAdmin rights. Clearly not a desirable outcome.
Goal: Prevent those in the QV_OmitSalary AD group from seeing their dept's Salary information, but allow them to see the other dept expenses.
What is restricting the admins from seeing the Salary information?
Does anyone see anything wrong with the changed section?
One thing to keep in mind here is that the star wildcard in the reduction field represents all values listed in the section access table. It does not represent all values loaded in your data table. If all possible values from the datat is represented in the Section Access table, then the star will be equal to all data. If you do not Section Access: Strict Exclusion enabled, try using a reduction value that does not exist if you intend to give the user access to ALL data. For example I often use the reduction value <ALL VALUES> to indicate the intention.
Please notice that all values in Section Access must be in upper case. In this example your NTNAME values are not in UPPER case.
If you find that the reduction is not accurate for a specific user, my suggestion is that you disable section access and validate the reduction buy manually applying the reduction (selection). Will the data reduce as expected when you apply the reduction values manually?
IMPORTANT: Always make a backup of your QVW before changing Section Access, so that you can revert to the backup if you lock yourself out.
The upper case rule does not seem to apply to the AD groups.
Using lower case for the AD group (COMPANY\QV_ExpenseMgmt_xxx), people are able permitted to see only their department information. The app has worked with lower case AD group names for over a year now.
When I uppercase COMPANY\QV_ExpenseMgmt_xxx, my test user is requested to enter her p/w.
The field names yes, but other than that, I agree with John that values in the Fields NTNAME,USERID, PASSWORD can be in lower/mixed case.
One thing to add to Toni's answer would be the notion that ADMIN rights are only intended for offline distribution to restrict the users ability to alter the security settings. What these admins can see is, like the rest of the users, the values listed in the section access table
Yes all Field names should be in capitals and all values in Fields should be in capitals, except for the system fields values in USERID and PASSWORD (so field names still in capitals). Although not specifically mentioned in the reference manual, I think this applies also to the NTNAME and probably AD Group fields(haven't tried).
I was taught when I joined Qlik 8 years ago that everything in section access had to be capitalize. USERID and passwords are not case sensitive so these being capitalize is not going to case an issue with login.