Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello
I'm working on Qlik sense enterprise
I want to restrict developers from creating a folder data connection to a network path
I know this can be accomplished via security rules
I created a security rule as follows:
Resource Filter: DataConnection_*
Actions: Create
Conditions: resource.resourcetype = "DataConnection"
and
( (resource.type = "folder" and !(resource.Path like "*\\\\qliksenseprd\\QlikSense\\Technical STORE QVDs\\QDF_FIN*")))
however when I go to the load editor, the create-new-connection button at the top right is disabled as if the security rule failed
thank you very much for your pointless answers
Hi @ali_hijazi,
The security rule doesn't have the functionality to control to which folders a data connection can and cannot be created. It looks like it does, but it actually doesn't. The security rule is binary in a sense that it either allows creation of a folder connection or it doesn't.
To answer your question, in order to block creation of a data connection to a specific folders, you would need to block access in to those folders for whatever user or service account you use to run your Qlik Sense services.
For example, let say the account that you use to run your Qlik Sense services is ServiceQlikSense. And the path that you don't want folder data connections to be created is \\qliksenseprd\QlikSense\Technical. You would need to:
Step 01.
Go to the properties of the Technical folder, go to the Security tab and click the Advanced button, this one:
Step 02.
Then click the Add button:
Step 03.
Click the Select a principal link:
Step 04.
Enter the username of the service account that runs your Qlik Sense services.
Step 05.
Click the Check Names button.
Step 06.
Click the OK button.
Step 07.
Back in the Permission Entry for Technical folder window, select the Deny in the Type dropdown.
Step 08.
Select Full Control to deny all access to the folder.
Step 09.
Click the OK button to save folder permissions.
Step 10.
Click the OK button in the Advanced Security Settings window.
Step 11.
Click the OK button in folder properties window.
Now that the service account was denied access to the Technical folder, when developers will go to create a data connection to that folder, they will be able to type the path to the folder but the Create button will be grayed out, effectively not allowing them to create a data connection to that folder. Here's what that will look like: