Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Jan 15, Trends 2025! Get expert guidance to thrive post-AI with After AI: REGISTER NOW
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
thomaslg_wq
Creator III
Creator III
‎2021-07-16 09:11 AM

Faster app level security rule ?

Hi everyone,

I would like to know your ideas on how to create an app level security with the fastest security rule evaluation.

Some points about the environment : 

  • OEM client with :
    • >100 end customers (groups of around 5 to 20 users)
    • >100 streams : most of them specific for some customers, a few that can be shared across customers
    • >1000 apps
    • >1000 users 

 

  • If we were doing some app level security with custom properties, we would have >1000 custom properties values
    • by user
    • or
    • by app
      which is totally out of the Qlik recommmandations

  • Is there another way ?
  • Are >1000 Active Directory Groups faster to evaluate than >1000 custom properties values ?

 

In general, how do you deal with large volume of users/apps and still have a good performance of rules evaluation ?

  • I may have an idea of how I am going to implement this but I want your fresh ideas first 🙂

 

Thanks for your ideas !

Regards,

Thomas

1,089 Views
0 Likes
4 Replies
e_petrasevicius21
Partner - Contributor III
Partner - Contributor III
‎2021-07-27 08:44 AM

Hi, @thomaslg_wq ,

Same issue on our side - we tried both (Groups and CP) 

From general Groups are evaluated faster - but we ran into second bottleneck - too many Active Directory attributes are import as User attribute. In some cases user has around 900 attributes which only 20 of them are related with Qlik security - however during Log in all of the groups are checked against security rules and we lose performance in HUB opening (around 40s in such cases).

Maybe you found a way to workaround this? Or you have better results with CP evaluation?

1,003 Views
thomaslg_wq
Creator III
Creator III
‎2021-08-17 03:06 AM
Author

In response to e_petrasevicius21

Hi Edgaras,

Thanks for your input. 

It has not been implemented yet, we are currently redesigning our whole Qlik platform, this question remains one of our main concerns. 

How much faster would you say the groups are evaluated (how much % of improvement did you see with groups in app opening for instance ?)

I hear you on the second bottleneck... It seems there is no perfect way to do it..

I was hoping to find some good workarounds but my post did not drag much reponse, I guess we'll have to test various workarounds ourselves 🙂

Thanks again,

929 Views
0 Likes
gandalfgray
Specialist II
Specialist II
‎2021-12-03 10:03 AM

Hi guys! How did this go for you?

We are working on a similar project, so it would be interesting to hear about your findings 🙂

809 Views
0 Likes
Maria_Halley
Support
Support
‎2021-12-07 05:52 AM

@gandalfgray

@thomaslg_wq

 

There is some information in the Help about this subject.

 

So that's a good place to start.

https://help.qlik.com/en-US/sense-admin/November2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

757 Views