Solved: Qliksense Extension Permission Security rule - Qlik Community

jpjust · ‎2022-09-23

Hi All,

We have quite a few extensions and everyone can use extension as per the following security rule.

Now, my requirement is to restrict few extensions from a set of users.

So if I disable the above security rule and implement some thing like below, it allows users who has access to custom property = "Writeback" has access only to a particular extension (ID:c794c076-6efa-4c63-92c9-b977ea4cf101)

And users will lose access to all other extension. How can I build on robust security rule to provide who can access what extension? Building security rule for each extension is not wise, I think.

Levi_Turner · ‎2022-10-11

At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:

qlik-*
sn-*

View from the QMC:

From there you can create a rule like so:

The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.

From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.

View solution in original post

jpjust · ‎2022-10-12

Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.

I am going to implement this in our environment for extensions and will update here.

Thanks

View solution in original post

Albert_Candelario · ‎2022-09-26

Hello @jpjust ,

Thanks for posting.

Would it work if you edit the default rule and try:

resource.id!=ExtensionID and user.@Profile="Group1"

so extensions different from that X,Z or Y and users belonging to a certain group.

I have not tested myself, just is an idea.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

jpjust · ‎2022-09-27

Thanks Albert, not sure if that works.

Lets say, I have the following extensions.

Ext1

Ext2

Ext3

User1,User2,User3 only should have access to the above extensions

Now I have the following extensions

Ext4

Ext5

Ext6

user7,user8,user9 only should have access to the above extensions

The above can be achieved if I create individual security rule with Extension_c794c076-6efa-4c63-92c9-b977ea4cf101 for each extension. Then assign a custom property value. But using this method, I will have to create individual security rule for each extension. Can you please check with your internal resources for an effective way or accomplishing this?

Thanks

Albert_Candelario · ‎2022-09-27

Hello @jpjust,

Could you kindly add more context on why of such requirement of restricting the extensions?

Yes, creating a rule for each extension might lead to quite a few depending on the number you have and hence possible performance degradation.

STT - Optimizing Qlik Sense Enterprise with Rules - YouTube

Sure, I can have a look with my peers, but I have never seen such requirement before.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

jpjust · ‎2022-09-27

Hi Albert,

Here is the context.

We have qlikbundled extensions that comes with qliksense and it is available to everyone under "Extensions" security rule. These extensions are used in many apps with out special security rules.

Now we have bought 3'rd party extensions that we have to restrict from certain users / apps due to the cost.

If I disable the default "Extensions" sec rule and create sec rule for these 3'rd party extensions, the users / apps who were using the qlik bundled extensions will have permission issue.

Again, creating security rule for each and every extension will be painful.

Is there a effective way of accomplishing my requirement?

Thanks

jpjust · ‎2022-09-30

Hi Albert,

Just wondering if you have any findings on this?

Thanks

Albert_Candelario · ‎2022-09-30

Hello @jpjust ,

Thanks for adding the context.

No further findings till now, apart from the hard way you have mentioned. I will share it within my peers in case someone working more on implementation topics like pre-sales or professional services has an idea on such.

Cheers,

Albert

Please, remember to mark the thread as solved once getting the correct answer

Levi_Turner · ‎2022-10-11

At least on my installation of Qlik Sense Enterprise, the bundled extensions all fit into this naming convention:

qlik-*
sn-*

View from the QMC:

From there you can create a rule like so:

The way of describing it would be, for all extensions whose names begin with qlik- or sn-, grant access (read) to all users.

From there you can customize the rule for the third party extension(s) by name or ID for the users who have licenses / entitlements for those extensions.

jpjust · ‎2022-10-12

Hi Levi - As always great to hear from you. Thank you so much for chiming in with this idea and I believe this is going to work for my requirement.

I am going to implement this in our environment for extensions and will update here.

Thanks

jpjust · ‎2022-11-17

Hi Levi - I have one more question if you don't mind:

I have few additional extensions as you can see below. I tried with naming conventions for eg., like cl*, Da* etc., but it is not getting applied, meaning users are not able to see those extensions (eg., Cluster Night Mode, Dashboard Link....)

Do you see any issues?

Here is the sec rule

Qliksense Extension Permission Security rule

Client Managed