Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi All,
We have quite a few extensions and everyone can use extension as per the following security rule.
Now, my requirement is to restrict few extensions from a set of users.
So if I disable the above security rule and implement some thing like below, it allows users who has access to custom property = "Writeback" has access only to a particular extension (ID:c794c076-6efa-4c63-92c9-b977ea4cf101)
And users will lose access to all other extension. How can I build on robust security rule to provide who can access what extension? Building security rule for each extension is not wise, I think.
At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:
View from the QMC:
From there you can create a rule like so:
The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.
From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.
Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.
I am going to implement this in our environment for extensions and will update here.
Thanks
Hello @jpjust ,
Thanks for posting.
Would it work if you edit the default rule and try:
resource.id!=ExtensionID and user.@Profile="Group1"
so extensions different from that X,Z or Y and users belonging to a certain group.
I have not tested myself, just is an idea.
Cheers,
Albert
Thanks Albert, not sure if that works.
Lets say, I have the following extensions.
Ext1
Ext2
Ext3
User1,User2,User3 only should have access to the above extensions
Now I have the following extensions
Ext4
Ext5
Ext6
user7,user8,user9 only should have access to the above extensions
The above can be achieved if I create individual security rule with Extension_c794c076-6efa-4c63-92c9-b977ea4cf101 for each extension. Then assign a custom property value. But using this method, I will have to create individual security rule for each extension. Can you please check with your internal resources for an effective way or accomplishing this?
Thanks
Hello @jpjust,
Could you kindly add more context on why of such requirement of restricting the extensions?
Yes, creating a rule for each extension might lead to quite a few depending on the number you have and hence possible performance degradation.
STT - Optimizing Qlik Sense Enterprise with Rules - YouTube
Sure, I can have a look with my peers, but I have never seen such requirement before.
Cheers,
Albert
Hi Albert,
Here is the context.
We have qlikbundled extensions that comes with qliksense and it is available to everyone under "Extensions" security rule. These extensions are used in many apps with out special security rules.
Now we have bought 3'rd party extensions that we have to restrict from certain users / apps due to the cost.
If I disable the default "Extensions" sec rule and create sec rule for these 3'rd party extensions, the users / apps who were using the qlik bundled extensions will have permission issue.
Again, creating security rule for each and every extension will be painful.
Is there a effective way of accomplishing my requirement?
Thanks
Hi Albert,
Just wondering if you have any findings on this?
Thanks
Hello @jpjust ,
Thanks for adding the context.
No further findings till now, apart from the hard way you have mentioned. I will share it within my peers in case someone working more on implementation topics like pre-sales or professional services has an idea on such.
Cheers,
Albert
At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:
View from the QMC:
From there you can create a rule like so:
The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.
From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.
Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.
I am going to implement this in our environment for extensions and will update here.
Thanks
Hi Levi - I have one more question if you don't mind:
I have few additional extensions as you can see below. I tried with naming conventions for eg., like cl*, Da* etc., but it is not getting applied, meaning users are not able to see those extensions (eg., Cluster Night Mode, Dashboard Link....)
Do you see any issues?
Here is the sec rule