https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39409#M723 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In what order will the allocation of a login access token be done by a security order?</P><P>Example:</P><P>- Two pools with each 10 tokens.</P><UL><LI>Security rule pool 1: Usergroup = Login access</LI><LI>Security rule pool 2: Usergroup = Login access <STRONG>and </STRONG>Dashboard = Employee</LI></UL><P></P><P>Do i need to specify anything to make sure that a user that has the Employee properties does not uses tokens from pool 1? </P></BODY></HTML> Mon, 16 Apr 2018 08:41:49 GMT tmathijssen 2018-04-16T08:41:49Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39409#M723 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In what order will the allocation of a login access token be done by a security order?</P><P>Example:</P><P>- Two pools with each 10 tokens.</P><UL><LI>Security rule pool 1: Usergroup = Login access</LI><LI>Security rule pool 2: Usergroup = Login access <STRONG>and </STRONG>Dashboard = Employee</LI></UL><P></P><P>Do i need to specify anything to make sure that a user that has the Employee properties does not uses tokens from pool 1? </P></BODY></HTML> Mon, 16 Apr 2018 08:41:49 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39409#M723 tmathijssen 2018-04-16T08:41:49Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39410#M724 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Maybe <A href="https://community.qlik.com/qlik-users/77808">mto</A>‌ or <A href="https://community.qlik.com/qlik-users/184092">ltu</A>‌ can take a look here ?</P></BODY></HTML> Mon, 16 Apr 2018 09:17:10 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39410#M724 YoussefBelloum 2018-04-16T09:17:10Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39411#M725 <HTML><HEAD></HEAD><BODY><P>I've not seen a way to prioritize rules. I'd guess they'd evaluate in the order defined or possibly to the most restrictive.</P><P>Personally, I define my rules to be explicit so there is no question of some getting (or not getting) what they are supposed to.</P></BODY></HTML> Mon, 16 Apr 2018 17:16:13 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39411#M725 dwforest 2018-04-16T17:16:13Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39412#M726 <HTML><HEAD></HEAD><BODY><P>Hey <STRONG>Tom</STRONG>, </P><P></P><P>Yes, I'd expect so.</P><P></P><P>On my end, I have the following rules:</P><P>Pool 1: ((user.userId like "*"))</P><P>Pool 1: ((user.userId like "*" and user.name like "*"))</P><P></P><P>When simulating users, the users use tokens from Pool 1.</P><P></P><P>So something like <SPAN style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">Usergroup = Login access AND <SPAN style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">Dashboard != Employee seems like a valid strategy (may need to experiment with user.dashboard.Empty() potentially).</SPAN></SPAN></P><P><SPAN style="color: #3d3d3d; font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #3d3d3d; font-size: 13px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Hope that helps.</SPAN></P></BODY></HTML> Tue, 17 Apr 2018 18:01:38 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39412#M726 Levi_Turner 2018-04-17T18:01:38Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39413#M727 <HTML><HEAD></HEAD><BODY><P>Levi,</P><P></P><P>So i need to make sure that no overlap in the security rules exists.</P></BODY></HTML> Wed, 18 Apr 2018 07:32:12 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39413#M727 tmathijssen 2018-04-18T07:32:12Z https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39414#M728 <HTML><HEAD></HEAD><BODY><P>Yes, in this scenario with License Rules. If you want to ensure that a rule will not be evaluated as true to ensure that that pool isn't touched then the schema is:</P><UL><LI>A AND NOT B</LI><LI>A AND B</LI></UL></BODY></HTML> Wed, 18 Apr 2018 15:25:29 GMT https://community.qlik.com/t5/Management-Governance/Login-access-token-security-rule-order/m-p/39414#M728 Levi_Turner 2018-04-18T15:25:29Z