Design and deploy scalable access controlPublished: 3-Aug-2015, Revision: 1.0Valid for Qlik Sense Version: 2.0.2+
Why It's Important
Qlik Sense security rules offer granular control of resources and capabilities within a Qlik Sense deployment using attributes from enterprise directory services and custom properties. Proper planning regarding access control will simplify writing security rules and potentially reduce the overall rules required to manage a Qlik Sense deployment.
Best PracticeLeverage existing directory attributes to create rules to govern access in Qlik Sense. The most commonly used attribute with Qlik Sense is the Group attribute because existing groups generally map to access control in the enterprise.
Create roles to define access control and assign users to roles. Doing so reduces the opportunity for "rule creep" and avoids granular level user access control.
Use provided security rules as templates; copy definitions, disable rules, and create new entries with copied definitions. This sequence ensures a back out plan if created rules do not work as intended. Qlik Sense supplied rules carry a type of Read only or Default.
Use Qlik Sense resource properties in security rules to define access to specific resources without creating specific rules for each resource.
Improve performance by selecting context. Rules created for hub and qmc context are necessary, however, keep in mind rules running in both context have increased overhead.
The overall goal with security rules implementation in Qlik Sense is efficiency, flexibility, and scalability. Following the best practice tips above prevent rule creep, take advantage of included expressions and properties, and use existing user directory attributes to deploy a governed Qlik Sense environment.