Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
marco_puccetti
Partner - Creator
Partner - Creator

QlikSense Security Rules

Hello, i need to know the logic of the evaluation of the security rules in qmc

In this case are them evaluated in 'and' condition or in 'or' condition?

sec_rules.png

Thanks

Marco

5 Replies
Gysbert_Wassenaar

A user begins with no access at all. You can only add permissions, not remove them. So any rule that gives a user permission to do something with an object will result in that user having that permission. Other rules cannot undo this.


talk is cheap, supply exceeds demand
marco_puccetti
Partner - Creator
Partner - Creator
Author

In this case how are applied the streams within a rule?

When there are two roles

  • ContentAdmin
  • SecurityAdmin
  • RootAdmin

In "and" or in "or" logic condition?

content_admin.png

security_admin.png

root_admin.png

with different types of authorization, which of them are applied or they are applied both at the same time?

My question is the following: i have a mashup application (extension) that is configured to be accessible locally, but from external machine (even if the access is set to anonymous) i get this error (the local user has the role of RootAdmin and it's also configured in the securityu rules):

NoAvailableAccess.png

So i have considered the error due to a bad server configuration. Have i to change the Resource filter too?

Thanks

Marco

Michael_Tarallo
Employee
Employee

Hi Marco - let me put another set of eyes on this.

jog‌ - anything you want to add?

Please mark the appropriate replies as CORRECT / HELPFUL so our team and other members know that your question(s) has been answered to your satisfaction.

Regards,

Mike Tarallo

Qlik

Regards,
Mike Tarallo
Qlik
Not applicable

No available access type means they don't have a token allocated to them to access.  This is a license access rule issue and not a security rule issue.

License rules are evaluated first to authenticate you to Qlik Sense (that is allocate a token).

Security rules are evaluated second to authorize your capabilities and access to Qlik Sense resources.

As Gysbert said, all security rules are additive.  They will run in whatever order they run, but the most privilege rule will win out.  Moreover, security rules are constantly re-evaluated against the user in the event their access changes during a session.

marco_puccetti
Partner - Creator
Partner - Creator
Author

I have tried to configure a login access rule but it doesn't work properly:

licence_access_rules.png

What have i to change in order to give the access to the extensions objects, to any machine in the net without any kind of credential?

Thanks

Marco