Summary: QV Version 12 removes per qvw control of the script EXECUTE Statement. In QV12 Server, the default is to disallow all EXECUTE statements. Any EXECUTE statement will fail unless you turn on the global setting to allow.
The QlikView script “EXECUTE” statement provides the capability to run external programs from script. Because EXECUTE may present a potential security risk, it’s use must be authorized. QlikView Version 12 changes how EXECUTE authorization is granted.
In QV11 Desktop, the script editor Settings pane provides a checkbox labeled “Can Execute External Programs”. This property is set per qvw.
When an EXECUTE statement is encountered, execution is allowed if the property is checked. If not checked, a popup is presented asking for permission.
The “User Preference: Security: Always Override Security: Script” may be checked on to bypass the Execute permission check.
If “Script” is checked, the execute statement will be allowed regardless of the “Can Execute External Programs” setting.
Authorizing Execute works differently in QV11 Server reloads. In QV11 Server prior to SR11, Execute statements were always allowed. The “Can Execute External Programs” property has no effect.
QV11 SR11+ Server introduced a new setting
Setting the value to “0” prohibits Execute in any reload on the server, setting to “1” allows all Execute statements. The default is “1”, allow.
The “AllowExecuteCommand” is set in the QVB settings file “C:\Windows\System32\config\systemprofile\AppData\Roaming\QlikTech\QlikViewBatch\settings.ini”. See the SR11 or QV12 Release Notes for more information.
To summarize QV11 controls — In desktop, it is possible to control Execute on a qvw by qvw basis. In Server SR10 and earlier, Execute is always allowed. In SR11+, Execute may be allowed or disallowed for all qvws via the “AllowExecuteCommand” setting.
On to QV12. In QV12 IR Desktop, the “Can Execute External Programs” checkbox is present but it has no impact on script execution. The only way to allow Execute is to check on the “Always Override Security: Script” User Preference setting.
I hope the “Can Execute External Programs” checkbox is removed in a future SR as it no longer seems to have any use.
QV12 Server uses the “AllowExecuteCommand” ini setting. The default is “0”, disallow, which is different than QV11.
To summarize QV12 controls — In Desktop, Execute is allowed or disallowed for all qvws via the “Always Override Security: Script” User Preference setting. In Server, Execute is allowed or disallowed for all qvws via the “”AllowExecuteCommand” setting.
A summary of controls for both versions:
To allow Execute in Qlik Sense, you must enable Legacy mode. Turning on Legacy mode also allows file path references in LOAD statements. I’m guessing most Sense users would not accept this side effect, which may mean that Execute is not practical in the Sense environment.
Execute is not a commonly used script statement. If you are using Execute, I hope this post helps you plan for QV12.