We have a stream in Qlik Sense which we have to individually name users who have access to due to the sensitivity of the apps. We are on Qlik Sense Enterprise May 2024 Patch 7.
When trying to add a new user to the stream, this user has quotes around their middle name in AD. Ex: Jonathon "Johnnie" Smith
That is how it comes in from AD when I start typing the name in. If I set it the stream's security rules for name equal to Jonathon "Johnnie" Smith, it doesn't work. The user does not see the stream.
However, if I set it to name LIKE Jonathon*, it does work, and the user sees the stream.
Are quotation marks not allowed when setting stream access rules? Everywhere in QMC that shows the user shows it with quotes: Jonathon "Johnnie" Smith
@gsofo I'm not sure on your question so I checked chatgpt to what input it had on this:
In Qlik Sense, when setting security rules in the QMC (Qlik Management Console), you need to be careful with how you handle special characters like quotation marks ("). It's important to note that these characters may cause issues with matching when creating security rules, especially since the system might interpret them differently depending on how it's querying Active Directory (AD) attributes.
Here are a few things to consider:
Special Characters in Names: The quotation marks in names (e.g., Jonathon "Johnnie" Smith) may not be processed properly by Qlik Sense when they are used directly in security rules. This is because Qlik Sense might not escape special characters like quotation marks in the way you'd expect.
Wildcard Usage: Since the LIKE operator with a wildcard (*) works (i.e., Jonathon*), it indicates that Qlik Sense might be having trouble processing the exact string with quotes. The wildcard approach allows partial matching, so it's less strict and may bypass the need to handle special characters directly. For example, Jonathon* matches Jonathon "Johnnie" Smith without needing to account for the quotation marks.
Security Rule Evaluation: Qlik Sense evaluates security rules based on a combination of user attributes, so if there's any inconsistency in how attributes are stored (especially when quotes are involved), it can lead to access issues. When you enter a name with quotes directly into a security rule, Qlik Sense might not be able to resolve that string correctly for the user.
Solutions and Recommendations:
Use Wildcards for Matching: As you've discovered, using a LIKE rule with a wildcard (e.g., Jonathon*) works because it allows for flexible matching without needing to match the exact name string. This can be a good workaround, as long as the rule doesn’t unintentionally match too many users. You can further refine your matching logic by using other attributes (e.g., usernames, email addresses) to ensure you're targeting the right users.
Escaping Quotes: You can try escaping the quotation marks by using the backslash (\) to see if that allows the rule to be processed correctly. However, it's unclear if this will work directly in the Qlik Sense QMC since the system may not recognize escaped characters in security rules. It's worth experimenting with different formats.
Check User Attribute Consistency: Verify how the user's attributes (like user.name or user.login) are stored in Qlik Sense and ensure that they match the format in AD. If you are using Active Directory integration, check that the display name or other attributes are consistent with how Qlik Sense interprets them.
In summary, while quotes are allowed in the names, they may cause issues when directly used in security rules. Using wildcards or adjusting the rule's format to match parts of the name seems like the most viable approach in your situation.
