Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi all,
I'm fairly new in the administrator role within Qlik, and I was strolling through the log monitor.
In the log, I see a large amount of error message of the following kind:
Access was denied for User: <rootuser>, SessionId: <y>, Hostname: '::1', Requested access types: '', OperationType: 'UsageDenied'
How can I derive from the log which process causes this error? THe message is from the ServiceRepository log, but I would like to know the process which is trying to access using the <rootuser>.
Thanks!
Suzanne
Hello Suzanne,
Would the "rootuser" happen to be the service account?
Does your service account have a professional / analyzer pass assigned to it?
It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?
If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.
Hello Suzanne,
Would the "rootuser" happen to be the service account?
Does your service account have a professional / analyzer pass assigned to it?
It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?
If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.
Hi @Mike_Dickson ,
You're right. It appears to be related to the monitoring apps. This page describes the problem I'm having:
https://community.qlik.com/t5/Knowledge/Qlik-Sense-Enterprise-403-Access-was-denied-errors-in-Servic...
Your colleague suggested to raise a defect on this, which I did.
A question I have about the solution you suggest: What's the downside of switching the service account to use certificate authentication?
Grt,
Suzanne
There really isn't a "downside" to switching the REST connections to use Certificate Authentication other than "In multi-node environments where the central node does not perform reloads, the certificate generated will have to be moved to the corresponding folders on the other nodes"
Which is resolved by copying the certificates over to the same location on the RIM node that preforms the reload.
If you do end up using the Certificate Authentication within your environment and it resolves your issue, let us know by clicking the "Accept as Solution"