Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Open Lakehouse is Now Generally Available! Discover the key highlights and partner resources here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ali_hijazi
Partner - Master II
Partner - Master II
‎2022-12-08 10:13 AM

Custom Security Rule for a data connection

Hello; I'm working on Qlik Sense
we have several data connections defined 
also there are several security rules defined on data connections (general security rules i.e. not specific to a data connection) and these security rules have DataConnection_* as resource filter.

so now if I create a new data connection, these general security rules will be automatically applied to it

 

Capture.PNG

now for this new data connection I don't want these security rules above to be applied on it; and I want to create a new associated rule
I tried to delete one of the general security rules above inside the properties of the data connection , but this will delete it from security rules, not from the data connection itself

is there a way to disable security rules on a specific data connection and make only the associated one applied?

Kindly advise

I can walk on water when it freezes
Labels (1)
Labels
1,399 Views
0 Likes
4 Replies
rubenmarin
MVP
MVP
‎2022-12-08 12:32 PM

Hi, to your general question: No, if any rule gives the permission, the permission is granted, you can't add rules to deny permission, only to give, and if a rule is applied to DataConnection_* it will applied to all connections.

You can edit the current rules to add a condition like and !(Resource.Name="DataConnectionName") so the rule returns false on that new data connection.

If it's not something very special I would advide to use custom properties to comfigre rules so you can use a condition like !(Resource.@CustomProperty="PropertyValue"), so if there more than one data connection with this behaviour it will be applied to all the data connection with this custom property value.

 

1,377 Views
0 Likes
ali_hijazi
Partner - Master II
Partner - Master II
‎2022-12-09 02:24 AM
Author

In response to rubenmarin

Hi @rubenmarin 
thank you for your prompt reply
ok I'm creating a custom property named CanConsume with Values = Yes, No which I give it to users
so this data connection will be visible to users in the Hub if the user has the CanConsume = Yes (I'm giving example)
so the security rule (associated rule) will have as condition user.@CanConsume = "yes" and Action is READ

so the above security rules (DataConnection_*) will grant access but the associated rule at the end will break this rule and give access only to users with CanConsume = "yes"
Am I right?

 

I can walk on water when it freezes
1,365 Views
0 Likes
rubenmarin
MVP
MVP
‎2022-12-09 02:37 AM

In response to ali_hijazi

Hi @ali_hijazi, no, as said above "if any rule gives the permission, the permission is granted", you need to edit or disable the previous rules to prevent them to give permissions you don't want to give.

Or don't create another rule, just add and user.@CanConsume = "yes" to the other rules to set this condition in all rules.

1,361 Views
0 Likes
ali_hijazi
Partner - Master II
Partner - Master II
‎2022-12-09 07:18 AM
Author

In response to rubenmarin

so what is requested from me is not doable
I cannot treat a data connection separately; it has to follow rules defined before 
your suggestion is not feasible; I cannot disable previous rules nor can I add the CanConsume property to previous rules; because only this new data connection needs to be treated separately so that only a group of users can read it

I can walk on water when it freezes
1,354 Views
0 Likes