Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ernestotomacruz
Partner - Contributor II
Partner - Contributor II
‎2024-01-15 07:10 PM

Disabling the Button in the "New Sheet Object" Dialog

Is there a way to disable the Button option in the "New Sheet Object" dialog when using a native QlikView application from AccessPoint? We are using QlikView 12.50 SR3, and our Security Team found out that the button action's "External" event has File Path Traversal vulnerability that could be exploited by a malicious user. I know that the "New Sheet Object" dialog can be disabled from the Sheet Properties, but I am not sure if there is a way to disable only the Button option because disabling the whole dialog is not acceptable for many users of the QV application.

Labels (1)
Labels

  • Other

244 Views
0 Likes
3 Replies
marcus_sommer
MVP
MVP
‎2024-01-16 08:55 AM

I do remember that there were a few postings about adjusting the context-menu and also the menu-bar to exclude some options. But AFAIK there are no native customizing options for it else it would require a direct manipulation of the various htm/js-files of the access point which is probably not particular difficult for an advanced web-developer - at least from a technically point of view.

Administratively it should be well considered - origin files needs to be backup and by each release change it must be recovered and tested. More relevant would be that such approach would be working globally. Better as this might be to control the capability to access/create server-objects within the QMC on an user-level for each application.

198 Views
ernestotomacruz
Partner - Contributor II
Partner - Contributor II
‎2024-01-21 08:05 PM
Author

In response to marcus_sommer

Do you know where those htm/js files are located? Although at the context menu level I may only be able to disable or hide the New Sheet Object menu item and not the Button option in the dialog. That can already be done in the Sheet Properties.

169 Views
marcus_sommer
MVP
MVP
‎2024-01-22 01:21 AM

In response to ernestotomacruz

These files reside within your install-folder of QlikView in the sub-folder Web. Before playing with the files make sure that there are Backups to be able to restore the previous state.

Another investigation might go to not disabling the new object itself else to disable the usage of buttons within the object-list. It's very rare within the development of an application that buttons respectively the belonging actions would provide an added value and even more seldom as a user-feature within the access point.

149 Views