topic Security rule based on which virtual proxy a user logs on to in Management & Governance

Security rule based on which virtual proxy a user logs on to

petgr138 — Sat, 16 Nov 2024 05:45:38 GMT

Hi,

Is there a way to include a condition in your security rules for which virtual proxy a user logs on to?

For example, if the user logs on to virtual proxy A one rule is applied and if the user logs on to virtual proxy B a different rule is used.

Grateful for any suggestions.

Best regards

Petter Grundström

Re: Security rule based on which virtual proxy a user logs on to

Bastien_Laugiero — Thu, 23 May 2019 14:39:45 GMT

Hello,

I have done some testing and can't find a way to do that (even using custom properties), unfortunately.

The list of available resource condition resources is available here. Maybe there will be one that you can use instead of the virtual proxy.

Re: Security rule based on which virtual proxy a user logs on to

petgr138 — Thu, 23 May 2019 14:48:05 GMT

Hi,

Thanks for the answer!

The only workaround I can think of is to make users who log on to virtual proxy A belong to user directory A and users who log on to virtual proxy B belong to user directory B and then write security rules based on user directories instead.

However, in my case we sync the users with an Active Directory user directory connector which means they automatically belong to the same user directory as in the AD. Is there a way to change which User Directory they belong to?

Best regards

Petter

Re: Security rule based on which virtual proxy a user logs on to

Bastien_Laugiero — Thu, 23 May 2019 14:55:39 GMT

Hello,

If the users connecting to Virtual Proxy 1 and the users connecting to Virtual Proxy are not the same then you have multiple ways to handle this.

You could, for instance, create an active directory group to differentiate them or even create a custom property in Qlik Sense and base your security rule on that.

I thought that the same users will access both the virtual proxies so that's why I didn't suggest that before.

Hope this helps!

Re: Security rule based on which virtual proxy a user logs on to

petgr138 — Thu, 23 May 2019 15:04:26 GMT

No, you were right, it is the same users.

The reason I want to differentiate the users based on which virtual proxy is that one of our virtual proxies will give the users elevated access. We have two nodes and one of them should only be used by Super Users, but the Super Users can also access the other node which is used by everyone.

So two nodes with separate virtual proxies but all the users belong to the same User Directory in the AD.

Best regards

Petter

Re: Security rule based on which virtual proxy a user logs on to

prem1234 — Mon, 31 May 2021 07:11:06 GMT

Hi,

Did you find way to define security rule based on Virtual proxy, We have tried creating virtual proxies A and B for same users.
A will be accesible from Internet and B is only for Intranet. No we would like to restrict export app objects data while users connected to virtual proxy A. Can you please help if this is possible?

Re: Security rule based on which virtual proxy a user logs on to

Bastien_Laugiero — Mon, 31 May 2021 07:47:38 GMT

Hello!

As far as I know you cannot use the Virtual Proxy directly in your condition.

However I believe you could use the condition "user.environment.ip" since the users are coming from different network.

Here is an example that could help: https://help.qlik.com/en-US/sense/June2019/Subsystems/ManagementConsole/Content/Sense_QMC/access-to-stream-by-ip-address.htm

Note: To use the user.environment conditions, you must enable Extended security environment in the virtual proxy.

Hope this helps!