Application security in Qlik Sense relies on attribute-based access control(ABAC) for resource access such as streams, applications, and even sheets and charts.
Section Access performs column and row-level dynamic data reduction.
Section Access works both in QlikView and Qlik Sense. However, there are nuances of difference worth considering.
For example, Qlik Sense requires UserID field whereas QlikView requires NTNAME.
Qlik Sense introduced a new Group field for the Section Access control table whereas in QlikView groups are listed under NTNAME and require a domain name prefix.
Another option that I like is to have the ability to open an app without data. This will ensure that you won’t ever lose access to the application even if you make an inadvertent mistake in creating your Section Access control table.
In a nutshell, the authorization is a two-step process.
- Attribute access control provides a flexible rule engine to grant the user access to various resources to perform an action on those resources. You can use user attributes along with custom properties to create custom rules for various self-service roles within your organization.
- Section Access performs dynamic data reduction based on the control table defined within the script.
If you are a QlikView developer, knowing these subtle differences between QlikView and Qlik Sense Section Access will save you time and heartburn.