Skip to main content
Announcements
Save $600 on Qlik Connect registration! Sign up by Dec. 6 to get an extra $100 off with code CYBERSAVE: REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
jpjust
Specialist
Specialist

Qliksense Extension Permission Security rule

Hi All,

We have quite a few extensions and everyone can use extension as per the following security rule.

jpjust_0-1663955046281.png

Now, my requirement is to restrict few extensions from a set of users.

So if I disable the above security rule and implement some thing like below, it allows users who has access to custom property = "Writeback" has access only to a particular extension (ID:c794c076-6efa-4c63-92c9-b977ea4cf101)

And users will lose access to all other extension. How can I build on robust security rule to provide who can access what extension? Building security rule for each extension is not wise, I think.

jpjust_1-1663955144086.png

 

 

Labels (1)
2 Solutions

Accepted Solutions
Levi_Turner
Employee
Employee

At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:

  • qlik-*
  • sn-*

View from the QMC:

Levi_Turner_0-1665509833009.png

From there you can create a rule like so:

Levi_Turner_2-1665509953670.png

 

 

The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.

From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.

View solution in original post

jpjust
Specialist
Specialist
Author

Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.

I am going to implement this in our environment  for extensions and will update here.

Thanks

View solution in original post

9 Replies
Albert_Candelario

Hello @jpjust ,

Thanks for posting.

Would it work if you edit the default rule and try:

resource.id!=ExtensionID and user.@Profile="Group1"  

so extensions different from that X,Z or Y and users belonging to a certain group.

I have not tested myself, just is an idea.

Cheers,

Albert

 

 

 

 

 

Please, remember to mark the thread as solved once getting the correct answer
jpjust
Specialist
Specialist
Author

Thanks Albert, not sure if that works.

Lets say, I have the following extensions.

Ext1

Ext2

Ext3

User1,User2,User3 only should have access to the above extensions

Now  I have the following extensions

Ext4

Ext5

Ext6

user7,user8,user9 only should have access to the above extensions

The above can be achieved if I create individual security rule with Extension_c794c076-6efa-4c63-92c9-b977ea4cf101 for each extension. Then assign a custom property value.  But using this method, I will have to create individual security rule for each extension. Can you please check with your internal resources for an effective way or accomplishing this?

Thanks

Albert_Candelario

Hello @jpjust,

Could you kindly add more context on why of such requirement of restricting the extensions?

Yes, creating a rule for each extension might lead to quite a few depending on the number you have and hence possible performance degradation.

STT - Optimizing Qlik Sense Enterprise with Rules - YouTube

Sure, I can have a look with my peers, but I have never seen such requirement before.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
jpjust
Specialist
Specialist
Author

Hi Albert,

Here is the context.

We have qlikbundled extensions that comes with qliksense and it is available to everyone under "Extensions" security rule. These extensions are used in many apps with out special security rules.

Now we have bought 3'rd party extensions that we have to restrict from certain users / apps due to the cost.

If I disable the default "Extensions" sec rule and create sec rule for these 3'rd party extensions, the users / apps who were using the qlik bundled extensions will have permission issue.

Again, creating security rule for each and every extension will be painful. 

Is there a effective way of accomplishing my requirement?

Thanks

 

jpjust
Specialist
Specialist
Author

Hi Albert,

Just wondering if you have any findings on this?

Thanks

Albert_Candelario

Hello @jpjust ,

Thanks for adding the context.

No further findings till now, apart from the hard way you have mentioned. I will share it within my peers in case someone working more on implementation topics like pre-sales or professional services has an idea on such.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer
Levi_Turner
Employee
Employee

At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:

  • qlik-*
  • sn-*

View from the QMC:

Levi_Turner_0-1665509833009.png

From there you can create a rule like so:

Levi_Turner_2-1665509953670.png

 

 

The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.

From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.

jpjust
Specialist
Specialist
Author

Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.

I am going to implement this in our environment  for extensions and will update here.

Thanks

jpjust
Specialist
Specialist
Author

Hi Levi - I have one more question if you don't mind:

I have few additional extensions as you can see below. I tried with naming conventions for eg., like cl*, Da* etc., but it is not getting applied, meaning users are not able to see those extensions (eg., Cluster Night Mode, Dashboard Link....)

Do you see any issues?

jpjust_0-1668718276736.png

Here is the sec rule 

jpjust_1-1668718516474.png