Qlik Community

Ask a Question

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
QlikWorld Online 2021, May 10-12: Our Free, Virtual, Global Event REGISTER TODAY
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeffrey_Li
Creator
Creator

How to allow non-Admin users download task log?

Hi, All,

We want to allow some non-Admin users to be able to download Qlik Sense task log.  Currently when one user tried to download log, he got error. Please see attached image. Which security rules control that?

Thanks

Bo

6 Replies
Levi_Turner
Employee
Employee

It looks like the actual download calls this endpoint: /qrs/ReloadTask/{reloadTaskId}/scriptlog?fileReferenceId={fileReferenceId}

So I'd guess this would be the rule that is needed:

  • Filter: FileReference_*
  • Action: Read
  • Conditions: Whatever conditions you want to use
  • Context: QMC
Jeffrey_Li
Creator
Creator
Author

Hi, LeviTurner,

Thanks for your reply, but It doesn't work.

Regards

Bo

Jeffrey_Li
Creator
Creator
Author

Also, how do you find it calls this  /qrs/ReloadTask/{reloadTaskId}/scriptlog?fileReferenceId={fileReferenceId}?

Levi_Turner
Employee
Employee

qrs-dev_tools.png

 

Yeah, not sure what the hiccup is on your end. This rule fails with insufficient privileges:

Filter: QmcSection_Task,ReloadTask*
Actions: Read
Conditons: ((user.name="taskloguser"))
Context: QMC

This rule works:

Filter: QmcSection_Task,ReloadTask*,FileReference*
Actions: Read
Conditons: ((user.name="taskloguser"))
Context: QMC

The first two filters just expose the Tasks section of the QMC and the actual tasks, which your user presumably already has.

For my condition, I am obviously scoping this to just a test user. So you'd want to use something more robust like group membership, a role, etc.

benwashburne
Partner
Partner

@Levi_Turner This worked for me, thanks!  I had to search for this solution because after some update (I don't know which one) I was no longer able to see the logs. I am a content and security admin so I assumed I could always view them - you don't happen to know of any security rule changes that would have altered this, do you?

Levi_Turner
Employee
Employee

My understanding is that there was increased hardening to QSE which requires explicit rights to FileReference_*, see https://support.qlik.com/articles/000080215.