Yes, to implement section access will need some effort but it is the only way with a single application. If you used however two or more slightly different applications and restricted the access on application-level you could implement such a white-list approach. But it meant more effort to maintenance and system-ressources.
I do use several applications, although most of them gets their data form a binary load so the access rights can be spread that way (as long as users are not allowed to download the applications that should not be a security issue right?)
I guess setting up OMIT groups as per Qlik Tips: Blocking user access to a field using OMIT would reduce the effort needed to prevent most of the users from seeing a handful of fields, but I assume that means there is no default user privilege and that all users must be assigned to a group or see nothing at all? I guess it's not that bad, only a little bit more job than I had hoped for
Sometimes it it useful to apply a DUMMY user - http://community.qlik.com/message/481875#481875 - and/or to create a loop or join to assign all users, see this example (it's not really section access but what approach could be done):
Load 'Dummy' as User Autogenerate 1;
Load distinct Firma From xyz;
Load * Inline [