Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Announcements
Join us in NYC Sept 4th for Qlik's AI Reality Tour! Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 
ali_hijazi
Partner - Master II
Partner - Master II

restrict the creation of a folder data connection on a specific network path

Hello
I'm working on Qlik sense enterprise
I want to restrict developers from creating a folder data connection to a network path
I know this can be accomplished via security rules
I created a security rule as follows:


Resource Filter: DataConnection_*
Actions: Create
Conditions: resource.resourcetype = "DataConnection"
and
( (resource.type = "folder" and !(resource.Path like "*\\\\qliksenseprd\\QlikSense\\Technical STORE QVDs\\QDF_FIN*")))

however when I go to the load editor, the create-new-connection button at the top right is disabled as if the security rule failed

I can walk on water when it freezes
Labels (3)
11 Replies
ali_hijazi
Partner - Master II
Partner - Master II
Author

thank you very much for your pointless answers

I can walk on water when it freezes
howdash
Creator
Creator

Hi @ali_hijazi,

The security rule doesn't have the functionality to control to which folders a data connection can and cannot be created. It looks like it does, but it actually doesn't. The security rule is binary in a sense that it either allows creation of a folder connection or it doesn't.

To answer your question, in order to block creation of a data connection to a specific folders, you would need to block access in to those folders for whatever user or service account you use to run your Qlik Sense services.

For example, let say the account that you use to run your Qlik Sense services is ServiceQlikSense. And the path that you don't want folder data connections to be created is \\qliksenseprd\QlikSense\Technical. You would need to:

Step 01.

Go to the properties of the Technical folder, go to the Security tab and click the Advanced button, this one:

01. security properties.jpg

 

Step 02.

Then click the Add button:

02. click the Add button.jpg

 

Step 03.

Click the Select a principal link:

03. click the select a principal link.jpg

 

Step 04.

Enter the username of the service account that runs your Qlik Sense services.

Step 05.

Click the Check Names button.

04. enter username of your service account.jpg

 

Step 06.

Click the OK button.

05. click the ok button.jpg

 

Step 07.

Back in the Permission Entry for Technical folder window, select the Deny in the Type dropdown.

06. switch the Type to Deny.jpg

 

Step 08.

Select Full Control to deny all access to the folder.

Step 09.

Click the OK button to save folder permissions.

07. click the ok button (1).jpg

 

Step 10.

Click the OK button in the Advanced Security Settings window.

08. click the ok button.jpg

 

Step 11.

Click the OK button in folder properties window.

09. click the ok button.jpg

 

Now that the service account was denied access to the Technical folder, when developers will go to create a data connection to that folder, they will be able to type the path to the folder but the Create button will be grayed out, effectively not allowing them to create a data connection to that folder. Here's what that will look like:

10. cannot create data connection.jpg