Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-09-20 11:33 AM

Resource Filters for Root Admin?

I am trying to create a Security Rule for Root Admin with the following Resource Filter: App_*,App.Object_*,ContentLibrary_*,DataConnection_*,EngineService_*,Extension_*,PrintingService_*,ProxyService_*,ReloadTask_*,RepositoryService_*,SchedulerService_*,ServerNodeConfiguration_*,Stream_*,User_*,UserSyncTask_*,VirtualProxyConfig_*

I am the default Root Admin and the structure that we have in our org is that we have an AD Group by the name ADMIN_Access, and people who need to be Root Admins are added to this AD Group.

When someone else is added to this AD Group, they are able to open QMC but all the tabs are blank.

When I change the Resource Filter to just: *

the added person has access to all the components of the QMC. Why does this happen?

1,831 Views
0 Likes
1 Solution

Accepted Solutions
Not applicable
‎2016-09-20 12:15 PM
Author

Hi Ashutosh,

You need to add another rule that turns on the QMC Sections that the group will be able to access.

If you look at the GSS rules for QMC Access, there are two rules.  One is for the resources themselves (like you have created) and another for the QMC Sections.

2016-09-20 12_12_43-Settings.png

This is an example of course but you can see the QMC Section reference in the resource filter.

More about QMCSections may be found here in the help: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/create-QMC-organizational-...

and here: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/available-resource-filters...

Hope this helps!

Jeff G

View solution in original post

794 Views
0 Likes
5 Replies
Not applicable
‎2016-09-20 12:15 PM
Author

Hi Ashutosh,

You need to add another rule that turns on the QMC Sections that the group will be able to access.

If you look at the GSS rules for QMC Access, there are two rules.  One is for the resources themselves (like you have created) and another for the QMC Sections.

2016-09-20 12_12_43-Settings.png

This is an example of course but you can see the QMC Section reference in the resource filter.

More about QMCSections may be found here in the help: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/create-QMC-organizational-...

and here: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/available-resource-filters...

Hope this helps!

Jeff G

795 Views
0 Likes
Not applicable
‎2016-09-20 12:29 PM
Author

Thanks for the reply.

What is the significance of " Context" at the bottom left side, below the filter, which has 3 selections

--Both in hub and QMC

--Only in hub

--Only in QMC

I thought that if we select the Context as "Both in hub and QMC" then the user should have access to all resources mentioned in the Resource Filter in hub as well as QMC.

Is this not the case?

794 Views
0 Likes
Not applicable
‎2016-09-20 12:56 PM
Author

In response to

So context determines where the rule is evaluated.  In the hub, in the qmc, or both.  For the actual resources you may want to set the rule context to both.  For the qmcsections they are only applicable to qmc so set the rule context to qmc.

For more information on how rules work please have a watch of the following video: SecurityRulesFullPresentation.mp4 - Google Drive

794 Views
0 Likes
Not applicable
‎2016-09-20 03:11 PM
Author

In response to

Hi Jeffrey,

I did try the filter

QmcSection_Stream,QmcSection_App,QmcSection_App.Sheet, QmcSection_App.Story,QmcSection_Tag, QmcSection_Task, QmcSection_ReloadTask, QmcSection_Event, QmcSection_SchemaEvent, QmcSection_CompositeEvent


but this does not work and then I tried QmcSection* as resource filter and it works.


Further, on this site: https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Confi...

it mentions Context as "You can specify whether the security rule should apply: Both in hub and QMC, Only in hub or Only in QMC."

according to which we should not require another rule for QMC access?

794 Views
0 Likes
Not applicable
‎2017-03-28 06:51 AM
Author

In response to

So the first step is to identify what sections of the QMC a user would have access to.  The next is a rule defining which content they can see in that section of the qmc.  So you do need two rules; one for the section itself, and another for what you want to see in it.

794 Views
0 Likes