3 Replies Latest reply: Sep 13, 2015 10:55 AM by Ron Damiani RSS

    Session log even if user has no section access?

    Ron Damiani

      It looks like the session logs will show a user session even if he/she does not have section access to the qvw.  In our case, we see the socket closed by the client in a minute or two when they can't get through but nothing to indicate access was denied.  Can someone confirm?  Thanks.

       

      RD

        • Re: Session log even if user has no section access?
          Marcus Sommer

          Are you sure that your file-security and/or section access is working properly, for example the restricted mode from section access is enabled? Further I suggest you have a look in the audit-logging, maybe by using the governance dashboard: QlikView Governance Dashboard.

           

          - Marcus

            • Re: Session log even if user has no section access?
              Ron Damiani

              Thanks, Marcus.  If you mean strict exclusion and initial data reduction based on section access, we are using both.  And the user sessions I refer to are listed in the Governance Dashboard.   To give a little background, the user has access to Doc A, but not Doc B through section access using NTNAME and one reducing field.  The Governance Dash shows audit log activity only for Doc A for the user.  The sessions logs , however, show entries for both Doc A and the unsuccessful attempts to access Doc B.  The Doc B logs show 0 selections, Cal Type: NONE, Calls = 4 and the same number of small Bytes Sent for each attempt - things consistent with no activity in the qvw.

               

              The section access seems to be working working properly, I just wasn't expecting to see a session for the unsuccessful doc attempts.  BTW this is on v11.2 SR9.

            • Re: Session log even if user has no section access?
              Ron Damiani

              Well I'll add a little more information in case anyone has some insights on this.  Although the Governance Dashboard and the Usage Analyzer utility (from the Qlik community) both show session entries when the user is denied section access to a document, the session log file does not contain an entry for that session.  The Governance Dashboard code is hidden, but the Usage Analyzer tool's is not, and it only reads the session logs.  I guess these sessions are built in the interval matching process?