topic Re: Missing Login access rules in License Management in Management & Governance

Missing Login access rules in License Management

maxloveiii — Tue, 14 May 2019 09:58:45 GMT

How can I allow Anonymous Access in QMC at Licence management section of new version Login access rules was disappear. Are there other way to do that or bring it back? (New-Old Images)

In Qlik help document still this access types.

Thanks in advance.

Max

Re: Missing Login access rules in License Management

Bastien_Laugiero — Tue, 14 May 2019 13:33:03 GMT

Hello,

With the Profesional/Analyzer license model, it is not possible to allow anonymous access.

To allow anonymous access to your platform you have several options:

Go back to a token based license model (as displayed on your second screenshot).
Use the new Analyzer Capacity license model (this can be added on your Professional/Analyzer license). See this page for more details. Note that you will need to run at least on Qlik Sense February 2019.
Use a Qlik Analytics Platform (QAP) license that is limited to the number of cores that can be used for the Qlik Engine service.

Here is an article summarizing this. Does the Qlik Sense professional/analyzers license allow anonymous access?

I would suggest to reach out to your account manager to help you out.

Hope this helps!

Re: Missing Login access rules in License Management

johnpaul — Fri, 17 May 2019 03:37:12 GMT

Hi @Bastien_Laugiero ,

Thanks for clearing that license issue up.

However, even if you have a valid license, the documentation on how to configure anonymous access is unclear.

I have created a new virtual proxy which allows anonymous access https://cl.ly/e31027f882e4

I have also created a rule to allow access to all users: https://cl.ly/0d10270c37ef

An anonymous user is able to get to the hub, but not to the app: https://cl.ly/6146c1f0f6c1

When attempting to access the app: https://cl.ly/12e56bbea9d4

There's a rule in the stream: https://cl.ly/6531ea6fce16

Any ideas?

Re: Missing Login access rules in License Management

Bastien_Laugiero — Fri, 17 May 2019 06:47:12 GMT

Hello,

Thanks for your feedback. I looked at the different screenshot and I see that you have created a security rule which will provide permissions to open the app.

But in addition, you also need an access pass and this is what the error message is complaining about.

If you have a token based license you need to create a Login Access Rule and you can follow this article for that: https://support.qlik.com/articles/000005452
If you are using an Analyzer capacity license, you normally shouldn't have to do anything but based on the error message you get I am guessing that you are using a Token based license.

Hope this helps!

Re: Missing Login access rules in License Management

johnpaul — Fri, 17 May 2019 06:52:15 GMT

Hi Bastien,
Thanks for your feedback - the license is Analyzer capacity license, so there's no Token.
I think perhaps using the QAP you cannot open an app, only mashups / single objects?

I have now got the access to single objects working OK, using the security rule.
The problem is that an anonymous user is now able to get access to the dev-hub.
What's the recommended security rule to block that access?
Thanks,
Jp.

Re: Missing Login access rules in License Management

Bastien_Laugiero — Fri, 17 May 2019 07:58:37 GMT

Hello John,

Great to hear. You are correct, with QAP you can only access the dev-hub and the monitoring apps from the hub.

So it's currently not possible to disable access to the dev-hub. A feature request has been created about it and will eventually be implemented in a future release. https://support.qlik.com/articles/000023582

It's, however, possible to restrict the access inside the dev-hub by disabling/modifying the default security rule called "Extension" which basically provides Read access (not Update) to everyone. Note that this will alter the permission in the extensions in the Hub as well (any application having extensions).

The other possibility is to implement a reverse proxy in front of Qlik Sense to basically block the Dev-hub URL.

Hope this helps!

Re: Missing Login access rules in License Management

johnpaul — Fri, 17 May 2019 08:03:20 GMT

Thanks, - yes, I wasn't able to actually do anything in the dev-hub, but view.
It's very concerning, as we will have a security audit done and this will not pass.
We will have to use the reverse proxy, probably nginx, or MS application gateway.

Re: Missing Login access rules in License Management

maxloveiii — Sun, 19 May 2019 08:00:12 GMT

Thanks for your help.
Max