topic Re: Security Rule For Limiting Extensions User Access in Integration, Extension & APIs

Security Rule For Limiting Extensions User Access

_Adam_ — Mon, 06 Feb 2023 09:45:47 GMT

Hi All,

I need help with configuring "Special" security rule for Extensions in Qlik Sense.
I've searched around and found this post, but it seems that the soultion suggested will not fit.
https://community.qlik.com/t5/Deployment-Management/Qliksense-Extension-Permission-Security-rule/td-p/1984878

We have 60 Extensions, we need to limit the access for 3 special extensions for only a specific users group. (We have active directory group that includes the allowed users to access).
I dont mind that this specifc group of users will see the all the 60 extensions, but I dont want all the other qlik users to be able to view those special extensions.

Is there is a way that I can modify those 3 special extensions to make it viewable only for the specific group ?
We need a soultion that can be managed easily in the future.
I've added a screenshot of the extension that I want to limit access to.

Thank you,
Adam

Re: Security Rule For Limiting Extensions User Access

henrikalmen — Mon, 06 Feb 2023 10:24:00 GMT

Security rules always allow access, they don't deny it. So you need to exclude the three extensions from the general extension rule (something like resource.id!=ExtensionID), and then create a new rule that allows the three extensions for your specific users (and for e.g. admins).

Re: Security Rule For Limiting Extensions User Access

_Adam_ — Wed, 08 Feb 2023 06:56:12 GMT

Hi @henrikalmen,

Thank you for your feedback, It's been a great help for me.
I wanted to share how I did it in case other members will be needing to set something similier on their enviroments.

On the picture "New customised general security rule" its basically the new general rule that allows everyone to view all extensions except the ones I wanted to exclude. (I disabled the default "Extensions" rule)

If you will take a look on the attached picture callled "Security Rule for specific extension" you will notice that I limited each extensions seperatly on each security rule.
Under the "Resource Filter" field.

I have 3 extnensions I wanted to limit the access to, so I created 3 sepreated security rule for each one.
Is there is an option that I can do it within one security rule instead of 3 ?
What is the sintext that I need to insert in the "Resource Filter" field to make it work for 2 or more extensions ?

Thanks again!
Adam

Re: Security Rule For Limiting Extensions User Access

henrikalmen — Tue, 14 Feb 2023 12:46:51 GMT

I have 3 extnensions I wanted to limit the access to, so I created 3 sepreated security rule for each one.
Is there is an option that I can do it within one security rule instead of 3 ?

You should be able to create a resource filter for Extension_* and then in conditions do something like this to make the rule apply only to specific extentions and users:

((resource.id="02e6..." or resource.id="0997....") and (user.userId="user1" or user.userId="user2"))