Section Access in Qlik Sense is a way to control who can see and use data in our app. We can use Section Access as part of our data load script to secure our application. We make a security table to decide who can access what.
When someone opens the app, they only see the data they can see based on who they are. It’s important because it helps keep our app secure. This means that some data in the app may be hidden from certain users based on their identity.
Section Access consists of three main components:
Section Access table
Section Application
Reduction field
In Qlik Sense, the Section Access table allows us to control which users can access specific data within our Qlik Sense apps.
The main purpose of the Section Access table is data authorization and security.
This feature helps us to ensure that sensitive information is only available to authorized persons only.
It consists of the following columns:
USERNAME (User Identifier): This column contains the user's username or user identifier, i.e., Email address.
ACCESS (Access Type): This column specifies each user's access level. Access types can include “USER” for full access and “ADMIN” for administrative authority.
Reduction_Field(Data Reduction Field): This column defines the data reduction criteria for the data the user can access. It is used to set up rules that decide which data each user can see based on things like their department, where they are located, or their role.
A “section application” is a term commonly used to describe the Qlik Sense app where Section Access is applied. This app typically contains sensitive or confidential data we want to control access to.
In Qlik Sense's Section Access, a “Reduction Field” is a column in the Section Access table that we use to define rules for data reduction. Data reduction rules determine which data a user or group can access in a Qlik Sense app based on their attributes or characteristics.
For example, if we have a Qlik Sense app with a reduction field called “STATE”, we can set up rules in the Section Access table to limit users’ access to data based on their States. Users will only see data corresponding to their specific States as defined in the reduction field.
Implementing Section Access in Qlik Sense involves several steps. We must define user access and security rules within the Section Access table, linking users or groups to specific data subsets. Additionally, the reduction field should be correctly defined, and data connections should be set up to grant access only to authorized users. A strong understanding of the data model and the nature of the data you’re working with is crucial to successfully implement Section Access.
Qlik Sense Data Load Editor Script:
Description of the above section access code :
Temp_Table: This is a Qlik Sense data table with STATE and VALUE columns. This table acts as a sample dataset for the application.
Section Access: This section defines the access control rules for the Qlik Sense application. It restricts access to specific data based on user roles.
ACCESS: This field defines the access level or role. There are two roles, ADMIN and USER.
An ADMIN has access to every feature and functionality in the app, while a USER's access is limited to the areas they are authorized to access.
In other words, a USER can only see and interact with the parts of the app that they have been granted permission to use. This ensures that users can only perform actions relevant to their job roles and responsibilities.
We’ve implemented a strong measure to keep our application secure: only individuals listed in our security table are granted access. This ensures that if someone’s name isn’t on the list, they won't be able to log in or access the application. This security protocol is pivotal in safeguarding our system and data.
By strictly limiting access to those explicitly authorized, we create a protective shield against unauthorized entry. This secures our application against potential data breaches and shields our users from any dangerous activities. It’s a proactive step towards ensuring that only those who genuinely need access are granted it, contributing to the overall safety and integrity of our system.
USER.EMAIL: This field contains the email addresses of users. Each user is associated with one or more specific STATES in the data. Users can only see data related to the states they are associated with. This allows us to implement data-level security in your Qlik Sense application so that each user can only access data that they are authorized to see.
STATE: This field specifies which data a user can access. Users are associated with specific states and can only see data related to them.
Note: - Wildcard (*) means all data is accessible to the Admin or User. All the field names and values listed in LOAD statements in the access section must be written in uppercase. Convert any field name containing lowercase letters in the database to uppercase using the Upper function before reading the field by the LOAD statement. Example: upper(State)
Qlik Sense Section Access is a crucial tool for managing data access and ensuring security in applications. By utilizing the Section Access table, users can be assigned specific access levels and data reduction criteria, which restrict their view of authorized information. The Reduction Field, exemplified by the “STATE” column, enables customized data access based on user attributes.
The provided script demonstrates a practical implementation of Section Access, emphasizing the importance of careful configuration and understanding data models. By following these steps, organizations can enhance data privacy, streamline user access, and strengthen the overall security of their Qlik Sense applications.
