Am I the only one that think it doesn't make any sense?
The best practice for Qlikview (so I read) is to store the permissions in some DB.
Let's say the data in the permissions table in the DB was somehow deleted (human error).
Then you try reload your QVW (not knowing there is no permissions data) and it's locked now.
Even if you gain access to the permissions table and re-populate it, you have nothing to do?
I think, it is bad design.
Ofcourse, now that I am aware of it, it probably will not happen again.
I have a lot of experience with different BI tools, but I never encountered something so bizzare.
You should have a way to see your code even if you have no data permissions.
29.3 Security Using the Section Access in the QlikView Script
If the Section Access in the QlikView script is set up to handle security, then one single file can be made to
hold the data for a number of users or user groups. QlikView will use the information in the Section Access
for Authentication and Authorization and dynamically reduce the data, so that the user only sees his own
The security is built into the file itself, so also a downloaded file is to some extent protected. However, if
the security demands are high, downloads of files and offline use should be prevented. The files should be
published by the QlikView Server only.
Since all data are kept in one file, the size of this file can potentially be very large.
All information below refers to the security method of using Section Access in the QlikView script.
So, if the document is messed up and it can't Authentication you, it will not let you in.
Bill, thanks for your answers. I completely understand what you are saying. Also I was able to extract my script from the QVW file in some reverse engineering of the file itself, as the QVW file itself contains an XML with the script (so if you know your script, with some work you can get it back).
I am not familiare with the way the QlikView server works, as I am using a stand alone license.
I would think that you should have 3 entities:
1. Your report (QV app)
2. Your security implementation
3. A combined product fo 1 and 2
But what happens is that 1 and 2 are incorporated into each other, meaning data permissions lock you ability to maintain the code. It just looks weird to me. In real life the person developing has 0 data permissions.
Is it possible in the server to apply section access without incorporating it in the QVW ? If so, it makes sence.
Further to Bill's answer, I tend to put all my security in the document as a load * inline, but you could hard code just the admin password with user security loaded from the DB. This would cover you in case the data in the DB had been deleted.
LOAD * INLINE
[USERID, PASSWORD, ACCESS
Admin, adminpassword, Admin];
(ooxml, embedded labels, table is Sheet1);
While I have no solution to your problem, there's a blog on this that provides useful advice prior to switching section access on.
Have a look.
Not sure about this but just want to throw out this idea:
Let's say a user is locked out of QVW file because of Section Access. The sample Section Access security was like this:
But you forgot to add your user name as the ADMIN, then you can either try to login as either USER1 or USER2, install QlikView and open the file and edit the script and add your username as ADMIN.
Or alternately, install a Windows Server on a stand alone machine and keep the name of this machine as COMPDOMAIN. Create a user on this machine called USER1 and login with this user. Install QlikView and the license. Then just try to open this file on this computer. This should work.