6 Replies Latest reply: Mar 19, 2014 2:56 PM by Wei Wang RSS

    Binary load with section access question

    Wei Wang

      Hi,

       

      I have two qvws, doc1 and doc2. doc1 has section access setup, and is binary loaded into doc2.

       

      In doc2's script, I have Binary doc1.qvw as the first line, but since doc1 has section access setup, QV prompts me for usename/password when executing reload on doc2.

       

      Is there a way to programmatically specify username/password in the script? I am embedding QV in my app via its OCX interface, and want to manage all of the interactions between my app (a .NET app) and QV programmatically without any user intervention.

       

      A couple of the forum posts seem relevant-

      Binary load question

      Batch File user and password for QlikView

       

      However I don't use NTName as a way for authentication, so it's not going to help me in my situation.

       

      Right now, my workaround is to do the following (all programmatically)-

      1. Load doc1.qvw

      2. Modify doc2's load script to comment out the binary load statement, and insert the normal section access code to establish the same account I have in doc1.

      3. Load doc2.qvw

      4. Reopen doc2 with the username/password I established in step 2, modify the load script again to uncomment the binary load statement and remove the section access code that I added in step 2.

      5. Reload doc2.qvw

       

      This way seems to work for me, but as you can see, it's pretty ugly. Is there any better way to do this?

       

      Thanks,

      Wei

        • Re: Binary load with section access question
          Gysbert Wassenaar

          Create a source qlikview document that only contains the data you need in your other qlikview apps, but doesn't contain section access. Put the section access in the script of the other documents as needed, i.e. don't binary load it. You could choose to put the section access part of the script in a script file and use an include (or must_include) statement to include it in the scripts of the other documents.

            • Re: Binary load with section access question
              Wei Wang

              Thanks for the quick reply.

               

              I need to secure doc1 as well as doc2 in my user's environment, hence my original implementation of having section access in doc1 (with data) and binary loaded into doc2.

               

              If I take out section access in doc1, is there any other way to secure it?

               

              Thanks,
              Wei

                • Re: Binary load with section access question
                  Jonathan Dienst

                  Wei

                   

                  What Gysbert is suggesting is to create a 'doc0' which would be the same as doc1 without the section access. Add binary load of doc0 to doc1 and doc2 and add section access to each of these. Secure doc0 so that no users can get to this file.

                   

                  HTH

                  Jonathan

                  • Re: Binary load with section access question
                    Wei Wang

                    Gysbert and Jonathan,

                     

                    Thanks for the additional information. I understand the principle both of you are saying- basically leave the section access out of the "intermediary", data-only qvw, and only do section access on those that users will actually access.

                     

                    Apologize for not completely describing my need, but in reality, the principle you described is what I am already doing. In my example, doc1 is that intermediary, data-only qvw, and my doc2 is the one that my users will see and use.

                     

                    The reason why I added section access to doc1 is because we are a desktop application, and as such, doc1 will be exposed to users outside of QV (ie. the file system). Because of the security concern, we need to make sure user can not see the data they are not allowed to see, through any means that we can reasonably protect against. If I don't secure doc1 via section access, user may be able to open that qvw via standalone QV (our app has the proper access control, so unauthorized user can't open any qvw in our app) and see the data that he/she was not supposed to see.

                     

                    In terms of securing doc1, both of you mentioned "secure it so that no user can get to/see the file". I am assuming what this means is that I need to find some other way of securing the file outside of QV, and not rely on any of the QV capability. Is that what you are saying?

                      • Re: Binary load with section access question
                        Gysbert Wassenaar

                        Yes, that's correct. Simply remove the NTFS file permissions of doc1 for the users that shouldn't be able to open it. You seem to imply that the users don't use the Access Point of a Qlikview Server installation, but the desktop client. You can 'hide' doc1 from those users by putting the document in a folder the users have no access to. If you were using the access point merely removing read permissions would be enough to prevent the document from being shown to the users in the Access Point.

                          • Re: Binary load with section access question
                            Wei Wang

                            We are a complete desktop app using desktop version of QV. There's no QV server installation, and our app runs under the Windows user who is currently logged-in. So in essence, I need to create that doc1, revoke my own privilege, but then add my privilege back just before QV binary load it into doc2. Hum ... that'd be something interesting to implement. Alternatively, I suppose I can encrypt doc1 in my app, and decrypt it only before QV binary load it into doc2.

                             

                            Given these options, I am almost wondering if I should just leave my current ugly implementation in place. I guess this little discussion comes full circle back to my original post- I have a workaround today, but not sure if I should leave it along and depend on QV's behavior when doc1 and doc2 have the same section access setting, or if I should do something else.

                             

                            Thanks,
                            Wei