Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
IMPORTANT security patches for GeoAnalytics Server available to download: READ DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
Suzanne_van_der_Tang
Contributor II
Contributor II

Access denied root user, but from which process?

Hi all,

I'm fairly new in the administrator role within Qlik, and I was strolling through the log monitor.
In the log, I see a large amount of error message of the following kind:

Access was denied for User: <rootuser>, SessionId: <y>, Hostname: '::1', Requested access types: '', OperationType: 'UsageDenied'

How can I derive from the log which process causes this error? THe message is from the ServiceRepository log, but I would like to know the process which is trying to access using the <rootuser>.

Thanks!

Suzanne

1 Solution

Accepted Solutions
Mike_Dickson
Support
Support

Hello Suzanne,

Would the "rootuser" happen to be the service account?

Does your service account have a professional / analyzer pass assigned to it?

It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?

If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.

https://community.qlik.com/t5/Knowledge/How-to-configure-Certificate-Authentication-for-Qlik-Sense/t...

 

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!

View solution in original post

3 Replies
Mike_Dickson
Support
Support

Hello Suzanne,

Would the "rootuser" happen to be the service account?

Does your service account have a professional / analyzer pass assigned to it?

It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?

If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.

https://community.qlik.com/t5/Knowledge/How-to-configure-Certificate-Authentication-for-Qlik-Sense/t...

 

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!
Suzanne_van_der_Tang
Contributor II
Contributor II
Author

Hi @Mike_Dickson ,

You're right. It appears to be related to the monitoring apps. This page describes the problem I'm having:
https://community.qlik.com/t5/Knowledge/Qlik-Sense-Enterprise-403-Access-was-denied-errors-in-Servic...

Your colleague suggested to raise a defect on this, which I did.

A question I have about the solution you suggest: What's the downside of switching the service account to use certificate authentication?

Grt,
Suzanne

Mike_Dickson
Support
Support

There really isn't a "downside" to switching the REST connections to use Certificate Authentication other than "In multi-node environments where the central node does not perform reloads, the certificate generated will have to be moved to the corresponding folders on the other nodes"

Which is resolved by copying the certificates over to the same location on the RIM node that preforms the reload.

If you do end up using the Certificate Authentication within your environment and it resolves your issue, let us know by clicking the "Accept as Solution"

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!