New age BI tools like QlikView and Tableau are making it easy to access information on the go. With this ease of access, there comes an additional danger – the danger of putting the application in wrong hands. Imagine what can happen if your QlikView application (which stores and presents information for all business critical decisions) falls in wrong hands!
Data Security is one of the top concerns for any Organization, more so for data driven Organizations.
In order to gaurd against this danger, QlikView (& now QlikSense) come with Section Access – a way to decide who can view what information, which objects can be viewed by whom and from which domain etc. These can also be set with help of QlikView publisher. In this article, we will discuss section access and show how it can be applied to a QlikView application.
New Feature
Get Personalized Learning Path! Set your goal and timeline. Get a path—under 2 mins.
What is Section Access?
It is a feature used to control the security of QlikView applications. Section access is defined as part of the load script, where we define an authorization table, i.e. a table where you define who gets to see what information and from where. Section access can be of various types, depending on the sensitivity of the information and business comfort:-
- A simple username and password might be sufficient to access some documents
- In some scenarios, you would want specific users in your domain to be logged in specific machines and use certain keys to unlock the information.
- You may also want to restrict access to specific objects and sheets of a document.
- Remove fields from the data model for the specified user (by omitting them).
- Row level data reduction based on authorization mentioned.
In this article, we will cover row level data reduction only and rest of the methods will be discussed in future posts.
Facts before Implementing Section Access:
Here are some basic rules to remember before implementing section access:-
- Backup your application because Incorrect syntax will render your document inaccessible and there’s no possibility of recovering the data or script.
- Section access data (Security table) loaded by an external source (xlsx, txt …) must be loaded by using upper case in the SECTION ACCESS statement.
- Security table contains several user-specific system fields, like USERID, PASSWORD, ACCESS are basic system fields. You can also combine several fields to build the Section Access solution depending on the desired level of security. (To know more about System fields, please refer QlikView Reference Manual).
- Apart from the standard fields, additional fields can be defined to administer data reduction for each user.
Problem:
For Sachin Dashboard (we had created this application as a tribute to Sachin’s test career), I want to restrict users to see his performance against a particular country only. Look at below security table, it defines the permission to user.
You can see that we have defined 10 users with userid, password, level of access and value for field AGAINSTCOUNTRY, for which these users require access. One of the key things, I want to discuss in the above table is, “*” in Section Access. “*” denotes all values i.e. users, who have access to see all values listed in the table. If a value is not listed in the security table, it will not be available to anyone.
For ACCESS, we have two access levels “ADMIN” and “USER”. ADMIN has privileges to change everything in the document and controls what “USER” can see in the document.
Implementation of Section Access:
Now let’s Implement this section access to an existing document. We will perform this in following steps:-
- Create a copy of existing document because if any thing goes wrong, we have a backup.
- As we know that we are going to apply restriction on row level data based on Against_Country field, so first let’s make sure that it is available in UPPER case. Here, I have converted it to upper case (Changes done to the original table).
- Add a new tab and write script to import Security table followed by Section Access statement using inline table or external file. (We are doing this with external file).
- Save document and then go to Setting —> Document Properties —> Opening tab and turn check box on for “Initial data reduction Based on Section Access” and “Strict Exclusion”.
- Save it and reload. Close the dashboard after the reload.
- Now Open dashboard, here it will ask for User Identification and based on your user permission you will be able to see the results.
- Here, I have given USERID and password of Kunal and i am able to see Sachin Test Career summary only for the country Australia (as mentioned in Security table).
End Notes:
In this article, we have seen an example of how to restrict user to row level data limitation using Section Access. We also looked at what are security feature we should look at while developing or delivering dashboard. I recommend you to apply security feature to document before sharing it with any one.
In future, we will also discuss about other security features like NT domain identification, document properties (Sheets, Object), field level security. It also provides an example of how naming conventions can be used to architect a solution that is more robust and lowers maintenance costs for your QlikView documents.
If you like what you just read & want to continue your analytics learning, subscribe to our emails, follow us on twitter or like our facebook page.
photo 1 credit: Yuri Yu. Samoilov via photopin cc
Sunil Ray is Chief Content Officer at Analytics Vidhya, India's largest Analytics community. I am deeply passionate about understanding and explaining concepts from first principles. In my current role, I am responsible for creating top notch content for Analytics Vidhya including its courses, conferences, blogs and Competitions.
I thrive in fast paced environment and love building and scaling products which unleash huge value for customers using data and technology. Over the last 6 years, I have built the content team and created multiple data products at Analytics Vidhya.
Prior to Analytics Vidhya, I have 7+ years of experience working with several insurance companies like Max Life, Max Bupa, Birla Sun Life & Aviva Life Insurance in different data roles.
Industry exposure: Insurance, and EdTech
Major capabilities: Content Development, Product Management, Analytics, Growth Strategy.
I have some issues can you please guide me to solve. For instance i have applied section access to a document with five users when trying to access the same document with different user access qlik server throws an error saying "Qlikserver trying to reconnect..." how to solve this issue. I have 5 name CAL and 10 doc CAL Thanks for your help
You can now test our new Product SAM that will fully automate Section Access Generation product. It is no longer necessary to maintain a section access list in Excel or in your database, SAM offers you a complete web application that will secure all your data accesses. A user can request access to an application with a simple form. Then administrators get notified and can assign the RESTRICTIONS and OMITS from the proposed fields values. User access are generated from on a single line per user, no need to generate tedious cartesian products and include all values to get a "*" value working correctly . Moreover SAM is able to generate an automatic access section from the authorizations of the QMC, a time saving for simple cases. More details on our website or contact me at jp.golay@ebiexperts.com
hi many thanks for your article. I have a dashboard with several sheets, so I want to restrict a specific user to seeing just a particular sheet. how can I do that?