Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Suzanne_van_der_Tang
Contributor II
Contributor II
‎2022-01-26 05:56 AM

Access denied root user, but from which process?

Hi all,

I'm fairly new in the administrator role within Qlik, and I was strolling through the log monitor.
In the log, I see a large amount of error message of the following kind:

Access was denied for User: <rootuser>, SessionId: <y>, Hostname: '::1', Requested access types: '', OperationType: 'UsageDenied'

How can I derive from the log which process causes this error? THe message is from the ServiceRepository log, but I would like to know the process which is trying to access using the <rootuser>.

Thanks!

Suzanne

1 user say ditto
1,233 Views
0 Likes
1 Solution

Accepted Solutions
Mike_Dickson
Support
Support
‎2022-01-26 06:39 PM

Hello Suzanne,

Would the "rootuser" happen to be the service account?

Does your service account have a professional / analyzer pass assigned to it?

It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?

If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.

https://community.qlik.com/t5/Knowledge/How-to-configure-Certificate-Authentication-for-Qlik-Sense/t...

 

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!

View solution in original post

1,156 Views
0 Likes
3 Replies
Mike_Dickson
Support
Support
‎2022-01-26 06:39 PM

Hello Suzanne,

Would the "rootuser" happen to be the service account?

Does your service account have a professional / analyzer pass assigned to it?

It is most likely cause by the reload of the monitoring applications within the QMC. If you open the data connections for the monitoring apps (IE: monitor_apps_REST_app) is the UserID the one that is being displayed in the log for UsageDenied?

If it is, than an option might be to setup your monitoring apps to authenticate via Certificate.

https://community.qlik.com/t5/Knowledge/How-to-configure-Certificate-Authentication-for-Qlik-Sense/t...

 

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!
1,157 Views
0 Likes
Suzanne_van_der_Tang
Contributor II
Contributor II
‎2022-01-28 03:35 AM
Author

In response to Mike_Dickson

Hi @Mike_Dickson ,

You're right. It appears to be related to the monitoring apps. This page describes the problem I'm having:
https://community.qlik.com/t5/Knowledge/Qlik-Sense-Enterprise-403-Access-was-denied-errors-in-Servic...

Your colleague suggested to raise a defect on this, which I did.

A question I have about the solution you suggest: What's the downside of switching the service account to use certificate authentication?

Grt,
Suzanne

1,102 Views
0 Likes
Mike_Dickson
Support
Support
‎2022-01-28 04:42 PM

In response to Suzanne_van_der_Tang

There really isn't a "downside" to switching the REST connections to use Certificate Authentication other than "In multi-node environments where the central node does not perform reloads, the certificate generated will have to be moved to the corresponding folders on the other nodes"

Which is resolved by copying the certificates over to the same location on the RIM node that preforms the reload.

If you do end up using the Certificate Authentication within your environment and it resolves your issue, let us know by clicking the "Accept as Solution"

Sr. Technical Support Engineer with Qlik Support
Don't forget to mark a solution that worked for you!
1,076 Views
0 Likes