Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
simondachstr
Luminary Alumni
Luminary Alumni

Your access pass credentials are being synced (403)

Hi all,

I am receiving the below error with only one(!) of my users:

Anerroroccurred.JPG

Log details:

  • Command=License user access;Result=403;ResultText=Error: Access denied
  • Login access denied for SessionID: 'd4feedb4-7c79-4660-af64-71f108a866bb', Hostname: "167.xxx.xx.xx", OperationType: 'UsageDenied'

Checks/Audits I have conducted:

  • The user has permission to view the app/stream/node.
  • Other users in the same AD group are not experiencing any issues (Security is AD Group driven)
  • The user has permission to lease a login access pass
  • There are free login access passes available to be leased
  • AD directory has been synced multiple times, the user is receiving the same error during the course of 3 days.
  • User is accessing Qlik Sense using Chrome, refreshing the browser does not work.

Any ideas on what is going on? Help is greatly appreciated!

Many thanks,

Martin

14 Replies
simondachstr
Luminary Alumni
Luminary Alumni
Author

Hi jog‌‌

Thank you very much for taking the time to reply in this thread. Before I deep dive into the various documents and best practices you provided, I need to be 100% sure this is not a bug that has come along with Qlik Sense 2.2.

Two of the checks I conducted were the following one:

  • Other users in the same AD group are not experiencing any issues (Security is AD Group driven)
  • AD directory has been synced multiple times, the user is receiving the same error during the course of 3 days.

Based on the above two, I am excluding the possibility that anything is wrong with my User Directory Connector. Also, after assigning a user access pass to the above user all other AD Group based security rules were working just fine. That would not be the case, if there were issues with the User Directory Connector, right?

Not applicable

Hi Martin, there is likely nothing wrong with your UDC config or the connection.  That it is working for others just means that their sync worked the first time they logged in.  I wonder if it has something to do with how many nests of groups or number of this particular user is a member of that is causing the problem.  If you send a recent copy of the userdirectory log where this user attempted login we should be able to spot what is possibly happening.  If it indeed does turn out to be something with the nest, or the query is not running optimally (as it should now) then you are correct, we will want to have you raise and escalate this issue as a potential bug.

Is the AD a large AD?  Do you have a sense of how many entities (users and groups)?

Do you mind screenshotting the udc configuration?  Do you have an LDAP filter in place?

jg

wonoh0817
Contributor III
Contributor III

One of our users lately started having the same issue, getting the same error message when she tried to access the Hub. I was able to resolve the issue by making some minor changes to the Users tables in the PostgreSQL database.

We have two VMs setup (one for Engine and one for Proxy) in our environment. I looked at the Users table from the both Engine and Proxy servers. I noticed that there's only one record per user. Yet, I found out that somehow the problematic user had two records inserted in the Engine side database instead. I also checked the same Users table from the Proxy server side and only found one record for the problematic user.  I deleted one record from the Users table in the Engine side database and updated ID in the Proxy side to make sure both users had the matched IDs between two servers.

Now the user is able to access the Hub successfully.

simondachstr
Luminary Alumni
Luminary Alumni
Author

Thank you for your solution!

Not applicable

Hi friends, We bought Qlik Sense, Enterprise and QAP.

I need to create a some kind of authentication, in a Sqlserver table with users.

Do we can do that?

I try with MS-Excel, Mysql and SqlServer, but I can see The users.