2 Replies Latest reply: Dec 3, 2015 7:44 AM by Peter Cammaert RSS

    Problem with section access when opening app from accesspoint

    Martin Norman

      Hello,

      I'm using section access in my app.

      SECTION Access;

      USERS:

      LOAD * Inline [

        ACCESS, NTNAME, OPERATOR

        ADMIN, CORPUSERS\XSSELDQLIKVIEW, ADMIN

        ADMIN, CORPUSERS\XP011818, ADMIN

        USER, CORPUSERS\23060649, ORANGE

      ];

      SECTION Application;

      LinkTable:

      LOAD * Inline [

        OPERATOR, SUBOPERATOR_TYPE

        ADMIN, ORANGE_PRIVATE

        ADMIN, HUTCHISON_PRIVATE

        ORANGE, ORANGE_PRIVATE

        ORANGE, HUTCHISON_PUBLIC

      ];

       

      When opening the app using the QlikView client it works as expected for all users.

      But when we open the app from the access point it works for the ADMIN accounts but the USER account is not granted access.

       

      In the Event log we find

      2015-11-12 03:12:34 2015-12-02 13:06:06 4 700 Information File Upload: File upload initiated (110.IDD/DIIS.qvw)

      2015-11-12 03:12:34 2015-12-02 13:06:09 2 500 Warning SE_LOG: User - GetSFUser: Failed to LookupAccountName1. GLE(1332)

      2015-11-12 03:12:34 2015-12-02 13:06:10 4 700 Information FileClose: Upload completed (110.IDD/DIIS.qvw)

      2015-11-12 03:12:34 2015-12-02 13:06:18 4 700 Information SE_LOG: Server - Purge: 110.IDD/DIIS.QVW to be unloaded. All(0), Obselete(1), Expired(0).

      2015-11-12 03:12:34 2015-12-02 13:06:18 4 700 Information DOC loading: Unloading document D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW, state UNLOADING.

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information Ticket created: Ticket (BC32BF3F35B5CE85BBA217867F64CDC1C9E53ECE) for CORPUSERS\XP011818.

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information Ticket Lookup: Ticket BC32BF3F35B5CE85BBA217867F64CDC1C9E53ECE was found.

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information SE_LOG: Document Load - ODE1: Document D:\QV-DOCS\USERDOC\110.IDD\DIIS.qvw, AuthenLev(2). Authuser()

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information SE_LOG: Server - LoadDocument: Loading document D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information DOC loading: Beginning load of document D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW.

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information SE_LOG: Document Load: File D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW opened OK

      2015-11-12 03:12:34 2015-12-02 13:06:32 4 700 Information Document Load: The document D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW was loaded.

      2015-11-12 03:12:34 2015-12-02 13:06:33 4 700 Information CAL usage: Named CAL "CORPUSERS\XP011818" now used - ok.

      2015-11-12 03:12:34 2015-12-02 13:06:33 4 100 Notice CAL usage: Using CAL of type "Named User" for user "CORPUSERS\XP011818". Named user cals in use: 2

      2015-11-12 03:12:34 2015-12-02 13:07:26 4 700 Information Ticket created: Ticket (E1922BC809099519988B7899F7155C6BF967E9C5) for CORPUSERS\23060649.

      2015-11-12 03:12:34 2015-12-02 13:07:26 4 700 Information Ticket Lookup: Ticket E1922BC809099519988B7899F7155C6BF967E9C5 was found.

      2015-11-12 03:12:34 2015-12-02 13:07:26 4 700 Information SE_LOG: Document Load - ODE1: Document D:\QV-DOCS\USERDOC\110.IDD\DIIS.qvw, AuthenLev(2). Authuser()

      2015-11-12 03:12:34 2015-12-02 13:07:26 4 700 Information SE_LOG: Server - UpdateSharedFile: updating DONE for document D:\QV-DOCS\USERDOC\110.IDD\DIIS.QVW

      2015-11-12 03:12:34 2015-12-02 13:07:27 1 300 Error Server - ConnectToLoaded: TryDinamicRD. AS(3). Strict(1). Access(2). errId(-4).

      2015-11-12 03:12:34 2015-12-02 13:07:27 1 300 Error Server - ConnectToLoaded: TryDinamicRD. AS(3). Strict(1). Access(2).

      2015-11-12 03:12:34 2015-12-02 13:07:27 4 700 Information SE_LOG: Document Open: Open document: No access to the file 110.IDD/DIIS.qvw (e=-4)

      2015-11-12 03:12:34 2015-12-02 13:07:27 2 500 Warning Document Load: The document D:\QV-DOCS\USERDOC\110.IDD\DIIS.qvw failed to load because of no file access [19].

       

      We have Initial Data Reduction Based on Section Access and Strict Exclusion activated.

      If we remove Strict exclusion access is granted but the user can see all data in the app.

       

      We have used OSUser() to make sure that when the user CORPUSERS\23060649 accesses the app via accesspoint he really uses the account CORPUSERS\23060649. This was done when we deactivated section access.

       

      We are using QV version 11.20.12852.0  SR 11 64 bit

       

      Does anyone have any idea why access is not granted for the user when he is in the section access table?

       

      br

      Martin Norman

        • Re: Problem with section access when opening app from accesspoint
          Marcus Sommer

          I know a similar behaviour which was caused by opening + saving the application without a reload which then prevented the access. If this is the case you need to make sure that always a reload happens before the application is saved.

           

          Further helpful could be to uncomment the section access statement or to load it within the section application again (without further doings synthetic keys will occur but for this testing it's rather not important) to be able to see the connections within the datamodel and to build an access-table within the gui - maybe there is something unexpected. This meant to include checks like len() and on chars chr() / ord() and compare it against osuser() if there not more evidently reasons.

           

          - Marcus

          • Re: Problem with section access when opening app from accesspoint
            Peter Cammaert

            Best practice says to always reload a document on the server, using a SectionAccess ADMIN account that has nothing in the link field (OPERATOR in your case). The forced reload-before-distribution is especially useful when your document crosses domains (e.g. a consultant develops a document in another domain but with the correct SA entries)