https://community.qlik.com/t5/Official-Support-Articles/Guidance-on-how-to-conclude-if-the-issue-is-Security-Rule/ta-p/1716546 <P class="qlik-migrated-tkb-headings"><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F7qXV1uWf9DM%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D7qXV1uWf9DM&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F7qXV1uWf9DM%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="200" height="112" scrolling="no" title="Qlik Fix: How to check if issue is security rule related" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></P> <P><BR />Qlik Sense allows for flexible assignment of user access rights by utilizing Security Rule.<BR /><BR />This article is meant to help in identifying if a Security Rule is causing an issue. For information on how Security Rules operate, please see the official Qlik Sense Help site for your respective version &gt; Designing access control &gt;&nbsp;<I><A href="https://help.qlik.com/en-US/sense-admin/September2019/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/security-rules-evaluation.htm" target="_blank" rel="noopener">Security rules evaluation</A></I><BR /><BR />Each time a user requests access to a resource,&nbsp;Qlik Sense&nbsp;evaluates the request against the security rules in the&nbsp;Qlik Sense&nbsp;system. If at least one rule evaluates to True then&nbsp;Qlik Sense&nbsp;will provide the user with access according to the conditions and actions described in the security rule. If no rules evaluate to True&nbsp;then the user will be denied access. The fact that&nbsp;Qlik Sense&nbsp;security rules are property-based makes&nbsp;Qlik Sense&nbsp;very scalable as you can build rules based on properties that apply to groups of users.<BR /><BR />As of such, it is possible that multiple custom security rules are in place that are overriding each other, or multiple "Roles" are assigned to a User in the "Users" tab and their rights are conflicting.<BR /><BR />This article provide guidance on how to conclude if the issue is caused by Security Rules or by something else.<BR /><BR />Also see related article <A href="https://community.qlik.com/t5/Support-Knowledge-Base/How-to-Use-the-Audit-function-to-verify-app-access-for-users-and/ta-p/1716865" target="_blank" rel="noopener">Qlik Sense How to: Use the Audit function to see what access user has to apps in the hub, and what rules that are in affect</A><BR /><BR /><STRONG>Environment:</STRONG></P> <UL> <LI>Qlik Sense Enterprise all versions</LI> </UL> <P>For&nbsp;Qlik Sense February 2019 (13.9.2), please first refer to&nbsp;<A href="https://support.qlik.com/articles/Basic/Super-Admin-Security-Rule" target="_blank" rel="noopener">Super Admin Security Rule not working</A></P> <P class="qlik-migrated-tkb-headings">Resolution:</P> <P><BR />When a user reported an issue, create a super admin role, assign it to that user and see if the issue will be resolved.<BR /><BR />1. Go to QMC &gt; <SPAN>Security Rules</SPAN><BR />2. Click <SPAN>Create </SPAN>new button<BR />3. Enter <SPAN><STRONG>T-SuperAdmin</STRONG></SPAN> in Name<BR />4. Enter<SPAN>&nbsp;<STRONG>SuperAdmin for Troubleshooting Purpose</STRONG></SPAN>&nbsp;in <SPAN>Description</SPAN><BR />5. Enter <STRONG>*</STRONG> in Resource filter<BR />6. Tick "<SPAN>Create</SPAN>", "<SPAN>Read</SPAN>", "<SPAN>Update</SPAN>", "<SPAN>Delete</SPAN>", "<SPAN>Export</SPAN>", "<SPAN>Publish</SPAN>","<SPAN>Change owner</SPAN>", "<SPAN>Change role</SPAN>", "<SPAN>Export data</SPAN>", "<FONT face="Courier New, Courier, monospace">Access offline</FONT>", "<FONT face="Courier New, Courier, monospace">Duplicate</FONT>" in <SPAN>Action</SPAN><BR />7. Enter<SPAN>&nbsp;</SPAN><STRONG><SPAN>((user.roles="T-SuperAdmin"))</SPAN>&nbsp;</STRONG>in <SPAN>Conditions</SPAN><BR />8. Select<STRONG> <SPAN>Both in hub and QMC</SPAN></STRONG> in <SPAN>Context</SPAN><BR />9. Press <SPAN>Apply </SPAN>button<BR />10. Go to QMC &gt; <SPAN>Users</SPAN><BR />11. Select the user who has the issue and click <SPAN>Edit </SPAN>button<BR />12. Click <SPAN>Add role</SPAN> button and select<SPAN>&nbsp;<STRONG>T-SuperAdmin</STRONG></SPAN><BR />13. If any existing role or custom properties applied, please remove it&nbsp;<BR />14. Press <SPAN>Apply </SPAN>button<BR />15. Ask the user who reported to do the test and see if the issue will be resolved for that user<BR />Note: Please also ask the user to close all of the existing browsers before start the test.</P> <H4>If the issue resolved:</H4> <DIV>Security Rule related. Please review existing security rules</DIV> <DIV>&nbsp;</DIV> <H4>If the issue is not resolved:</H4> <DIV>&nbsp;Not Security Related</DIV> Thu, 11 Feb 2021 09:30:10 GMT Yoichi_Hirotake 2021-02-11T09:30:10Z https://community.qlik.com/t5/Official-Support-Articles/Guidance-on-how-to-conclude-if-the-issue-is-Security-Rule/ta-p/1716546 <P class="qlik-migrated-tkb-headings"><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F7qXV1uWf9DM%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D7qXV1uWf9DM&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F7qXV1uWf9DM%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="200" height="112" scrolling="no" title="Qlik Fix: How to check if issue is security rule related" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></P> <P><BR />Qlik Sense allows for flexible assignment of user access rights by utilizing Security Rule.<BR /><BR />This article is meant to help in identifying if a Security Rule is causing an issue. For information on how Security Rules operate, please see the official Qlik Sense Help site for your respective version &gt; Designing access control &gt;&nbsp;<I><A href="https://help.qlik.com/en-US/sense-admin/September2019/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/security-rules-evaluation.htm" target="_blank" rel="noopener">Security rules evaluation</A></I><BR /><BR />Each time a user requests access to a resource,&nbsp;Qlik Sense&nbsp;evaluates the request against the security rules in the&nbsp;Qlik Sense&nbsp;system. If at least one rule evaluates to True then&nbsp;Qlik Sense&nbsp;will provide the user with access according to the conditions and actions described in the security rule. If no rules evaluate to True&nbsp;then the user will be denied access. The fact that&nbsp;Qlik Sense&nbsp;security rules are property-based makes&nbsp;Qlik Sense&nbsp;very scalable as you can build rules based on properties that apply to groups of users.<BR /><BR />As of such, it is possible that multiple custom security rules are in place that are overriding each other, or multiple "Roles" are assigned to a User in the "Users" tab and their rights are conflicting.<BR /><BR />This article provide guidance on how to conclude if the issue is caused by Security Rules or by something else.<BR /><BR />Also see related article <A href="https://community.qlik.com/t5/Support-Knowledge-Base/How-to-Use-the-Audit-function-to-verify-app-access-for-users-and/ta-p/1716865" target="_blank" rel="noopener">Qlik Sense How to: Use the Audit function to see what access user has to apps in the hub, and what rules that are in affect</A><BR /><BR /><STRONG>Environment:</STRONG></P> <UL> <LI>Qlik Sense Enterprise all versions</LI> </UL> <P>For&nbsp;Qlik Sense February 2019 (13.9.2), please first refer to&nbsp;<A href="https://support.qlik.com/articles/Basic/Super-Admin-Security-Rule" target="_blank" rel="noopener">Super Admin Security Rule not working</A></P> <P class="qlik-migrated-tkb-headings">Resolution:</P> <P><BR />When a user reported an issue, create a super admin role, assign it to that user and see if the issue will be resolved.<BR /><BR />1. Go to QMC &gt; <SPAN>Security Rules</SPAN><BR />2. Click <SPAN>Create </SPAN>new button<BR />3. Enter <SPAN><STRONG>T-SuperAdmin</STRONG></SPAN> in Name<BR />4. Enter<SPAN>&nbsp;<STRONG>SuperAdmin for Troubleshooting Purpose</STRONG></SPAN>&nbsp;in <SPAN>Description</SPAN><BR />5. Enter <STRONG>*</STRONG> in Resource filter<BR />6. Tick "<SPAN>Create</SPAN>", "<SPAN>Read</SPAN>", "<SPAN>Update</SPAN>", "<SPAN>Delete</SPAN>", "<SPAN>Export</SPAN>", "<SPAN>Publish</SPAN>","<SPAN>Change owner</SPAN>", "<SPAN>Change role</SPAN>", "<SPAN>Export data</SPAN>", "<FONT face="Courier New, Courier, monospace">Access offline</FONT>", "<FONT face="Courier New, Courier, monospace">Duplicate</FONT>" in <SPAN>Action</SPAN><BR />7. Enter<SPAN>&nbsp;</SPAN><STRONG><SPAN>((user.roles="T-SuperAdmin"))</SPAN>&nbsp;</STRONG>in <SPAN>Conditions</SPAN><BR />8. Select<STRONG> <SPAN>Both in hub and QMC</SPAN></STRONG> in <SPAN>Context</SPAN><BR />9. Press <SPAN>Apply </SPAN>button<BR />10. Go to QMC &gt; <SPAN>Users</SPAN><BR />11. Select the user who has the issue and click <SPAN>Edit </SPAN>button<BR />12. Click <SPAN>Add role</SPAN> button and select<SPAN>&nbsp;<STRONG>T-SuperAdmin</STRONG></SPAN><BR />13. If any existing role or custom properties applied, please remove it&nbsp;<BR />14. Press <SPAN>Apply </SPAN>button<BR />15. Ask the user who reported to do the test and see if the issue will be resolved for that user<BR />Note: Please also ask the user to close all of the existing browsers before start the test.</P> <H4>If the issue resolved:</H4> <DIV>Security Rule related. Please review existing security rules</DIV> <DIV>&nbsp;</DIV> <H4>If the issue is not resolved:</H4> <DIV>&nbsp;Not Security Related</DIV> Thu, 11 Feb 2021 09:30:10 GMT https://community.qlik.com/t5/Official-Support-Articles/Guidance-on-how-to-conclude-if-the-issue-is-Security-Rule/ta-p/1716546 Yoichi_Hirotake 2021-02-11T09:30:10Z