topic Re: Resource Filters for Root Admin? in Management & Governance

Resource Filters for Root Admin?

Wed, 29 Jan 2025 17:06:43 GMT

I am trying to create a Security Rule for Root Admin with the following Resource Filter: App_*,App.Object_*,ContentLibrary_*,DataConnection_*,EngineService_*,Extension_*,PrintingService_*,ProxyService_*,ReloadTask_*,RepositoryService_*,SchedulerService_*,ServerNodeConfiguration_*,Stream_*,User_*,UserSyncTask_*,VirtualProxyConfig_*

I am the default Root Admin and the structure that we have in our org is that we have an AD Group by the name ADMIN_Access, and people who need to be Root Admins are added to this AD Group.

When someone else is added to this AD Group, they are able to open QMC but all the tabs are blank.

When I change the Resource Filter to just: *

the added person has access to all the components of the QMC. Why does this happen?

Re: Resource Filters for Root Admin?

Tue, 20 Sep 2016 16:15:26 GMT

Hi Ashutosh,

You need to add another rule that turns on the QMC Sections that the group will be able to access.

If you look at the GSS rules for QMC Access, there are two rules. One is for the resources themselves (like you have created) and another for the QMC Sections.

This is an example of course but you can see the QMC Section reference in the resource filter.

More about QMCSections may be found here in the help: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/create-QMC-organizational-admin-roles.htm

and here: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/available-resource-filters.htm

Hope this helps!

Jeff G

Re: Resource Filters for Root Admin?

Tue, 20 Sep 2016 16:29:53 GMT

Thanks for the reply.

What is the significance of " Context" at the bottom left side, below the filter, which has 3 selections

--Both in hub and QMC

--Only in hub

--Only in QMC

I thought that if we select the Context as "Both in hub and QMC" then the user should have access to all resources mentioned in the Resource Filter in hub as well as QMC.

Is this not the case?

Re: Resource Filters for Root Admin?

Tue, 20 Sep 2016 16:56:41 GMT

So context determines where the rule is evaluated. In the hub, in the qmc, or both. For the actual resources you may want to set the rule context to both. For the qmcsections they are only applicable to qmc so set the rule context to qmc.

For more information on how rules work please have a watch of the following video: SecurityRulesFullPresentation.mp4 - Google Drive

Re: Resource Filters for Root Admin?

Tue, 20 Sep 2016 19:11:35 GMT

Hi Jeffrey,

I did try the filter

QmcSection_Stream,QmcSection_App,QmcSection_App.Sheet, QmcSection_App.Story,QmcSection_Tag, QmcSection_Task, QmcSection_ReloadTask, QmcSection_Event, QmcSection_SchemaEvent, QmcSection_CompositeEvent

but this does not work and then I tried QmcSection* as resource filter and it works.

Further, on this site: https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_ConfiguringSecurity_Acces…

it mentions Context as "You can specify whether the security rule should apply: Both in hub and QMC, Only in hub or Only in QMC."

according to which we should not require another rule for QMC access?

Re: Resource Filters for Root Admin?

Tue, 28 Mar 2017 10:51:44 GMT

So the first step is to identify what sections of the QMC a user would have access to. The next is a rule defining which content they can see in that section of the qmc. So you do need two rules; one for the section itself, and another for what you want to see in it.