New age BI tools like QlikView and Tableau are making it easy to access information on the go. With this ease of access, there comes an additional danger – the danger of putting the application in wrong hands. Imagine what can happen if your QlikView application (which stores and presents information for all business critical decisions) falls in wrong hands!
Data Security is one of the top concerns for any Organization, more so for data driven Organizations.
In order to gaurd against this danger, QlikView (& now QlikSense) come with Section Access – a way to decide who can view what information, which objects can be viewed by whom and from which domain etc. These can also be set with help of QlikView publisher. In this article, we will discuss section access and show how it can be applied to a QlikView application.
It is a feature used to control the security of QlikView applications. Section access is defined as part of the load script, where we define an authorization table, i.e. a table where you define who gets to see what information and from where. Section access can be of various types, depending on the sensitivity of the information and business comfort:-
In this article, we will cover row level data reduction only and rest of the methods will be discussed in future posts.
Here are some basic rules to remember before implementing section access:-
For Sachin Dashboard (we had created this application as a tribute to Sachin’s test career), I want to restrict users to see his performance against a particular country only. Look at below security table, it defines the permission to user.
You can see that we have defined 10 users with userid, password, level of access and value for field AGAINSTCOUNTRY, for which these users require access. One of the key things, I want to discuss in the above table is, “*” in Section Access. “*” denotes all values i.e. users, who have access to see all values listed in the table. If a value is not listed in the security table, it will not be available to anyone.
For ACCESS, we have two access levels “ADMIN” and “USER”. ADMIN has privileges to change everything in the document and controls what “USER” can see in the document.
Now let’s Implement this section access to an existing document. We will perform this in following steps:-
In this article, we have seen an example of how to restrict user to row level data limitation using Section Access. We also looked at what are security feature we should look at while developing or delivering dashboard. I recommend you to apply security feature to document before sharing it with any one.
In future, we will also discuss about other security features like NT domain identification, document properties (Sheets, Object), field level security. It also provides an example of how naming conventions can be used to architect a solution that is more robust and lowers maintenance costs for your QlikView documents.
photo 1 credit: Yuri Yu. Samoilov via photopin cc
Lorem ipsum dolor sit amet, consectetur adipiscing elit,