Until now, we have focused our efforts on getting data into QlikView and presenting it in dashboards, analyses, and reports. Our documents were open to anyone with access to QlikView. As QlikView documents can contain huge volumes of sensitive data, in a real world scenario, leaving your data unsecured might be a very risky proposition.
In this chapter, we will focus on how we can secure our QlikView documents. We will first look at how we can make parts of the script only accessible to a limited group of developers. Next, we will see how we can ensure that only authorized users have access to our document. We will finish this chapter by looking at how we can set different permissions for authorized users and can limit which data a user can interact with.
Specifically, in this chapter you will learn:
- How to create a hidden script that is only accessible to a select group of developers
- How to allow only authorized users to open your document
- How to limit what a user can do and see within your document
Time to start locking things down!
When QlikView script is being executed, the results of the actions are written to the
Script Execution Progress window (and, if enabled, the log file). While this is a very useful feature to see what happened during reload, sometimes you do not want certain things (for example, login credentials) to be visible to everyone. In fact, sometimes you do not even want all developers to have access to the entire script. This is where the hidden script comes into play.
The hidden script is a password protected part of the script. It is always the left-most tab (and cannot be moved), so it is executed before the regular script is reloaded. Anything that is executed within the hidden script is not written to the log.
Note
Logging for the hidden script can be turned on by checking the Show Progress for Hidden Script checkbox on the Security tab of the Document Properties. Note that this will allow others to use the debugger to step through the hidden code. Since this defeats a main point for using hidden script, it is not advisable to use this option.
The following screenshot shows us the Edit Script window:
Let's add a hidden script to our document by following these steps:
- Open our
Airline Operations.qvwdocument. - Open the Script Editor window.
- Go to File | Create Hidden Script in the menu.
- Enter the password
hiddentwice and click on OK to create the hidden script. - On the Hidden Script tab, enter the following statements:
TRACE This is a hidden script;
- Save and reload the document.
Notice how the
TRACE statement does not show up in the log file.
Tip
Reopening hidden script
When the password for the hidden script has been entered, the script remains visible in the Edit Script window. The script is hidden when the document is closed and other developers will not be able to see it without entering the password. To reopen a hidden script, select File | Edit Hidden Script from the menu and enter the password. Also, be aware that the password for hidden script cannot be recovered, so be sure to keep the password in a safe place.
In the next section, we will see how we can use a hidden script to securely set up user authorization.