mine probably is not the answer, but I'd like to have a conversation that maybe could be helpful to you and me, to improve our skills. I've found your issues very interesting, and I'd like to see if my way to manage some problem could be "waterproof", or maybe improved.
Generally I create two apps:
- app one, that fetches the data and create only .qvd files;
- app two, that read only the .qvd files (created by app one) I want to be read, and it has all the visualizations.
The first app is put in a Stream that is seen only by me.
The second app, read all the data and the section access with load statements like
load*from ... .qvd;
so it is totally blank for the user.
What do you think?
with your approach you have potentially all the security issues as mentions in my original post.
The second app contains some script code for
a) loading data from QVD files from a certain lib
b) to apply section Access
If the script statements are visible for the key user in the load script he can add further code to override section or deactivate section access and get access to all data.
In the case you are the only person who have access to the LIB this is not secure enough if the user can create and execute a reload task in the QMC (which is requirement in my case).
If the user performs the reload by a task in the QMC the script code is performed with the user INTERNAL\sa_Scheduler who has access to all LIBs. This would therefore open access to unauthorized data.
The problem is if the app is duplicated, so they can have access to the script?
Because if so, only the owner could duplicate it
If you are the only owner, no one else could copy it, go to the load script and so on.
So if you publish it and no one could copy it, no one could read the load section.
I´m not sure if we have the same situation/requirements.
In my case local key users heed to have access to the script editor.
They also need to have access to certain apps in the QMC to make a copy, because the owner of the central app is someone else.
Further they need access to the task section in QMC to schedule reload tasks.
With These preconditions I can´t find a secure way to protect data.
thanks for your answer. As already written in the initial post regarding 1)
b) In case the load script is stored in an external include-file the key user could download the log of the executed task and re-construct the complete script
Regarding 2) Binary Load is not supported as I know. Further a binary load wouldn´t apply section access I think.
Any other solutions?
You´re right. Binary Load is allowed. But in case the app folder must be accessible as a LIB, which would cause to have access to all other apps (which have no section access).
To create a job to copy the app to somewhere else is also no option.
Finally the binary load load´s only data including section access. Visualisations, sheets and other staff is not loaded.
Therefore I can drop out this option.
Maybe another idea to fulfill requirements of initial post?