Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
All,
I have my environment like this and trying n to tighten the security. Please let me know how to achieve this?
I have Dev and Prod on cluster.
Prod Link : https://qlik.url.com/hub/my/work ->I can see few apps under my work. I am also able to edit the script and run the script which hits the Prod node- Ultimately I should not be able to see the "work" folder OR I should not be able to run the script.
Dev Link : https://devqlik.url.com/hub/my/work -> I can see the same set of apps under my work. I am able to edit the script and run the script which hits the Dev node which is fine.
I really want to restrict anyone not to run script when they are in Prod node. How can I achieve this type of security?
Thanks
Hello @jpjust,
This really depend on how your environment looks like but here is a scenario with 3 nodes that would allow you to achieve the described outcome. Hope this will help you applying something similar in your environment.
Environment:
QlikServer1: Central node - Act as a Qlik Sense Proxy
QlikServer2: Rim node - Act as a Qlik Sense Engine and configured as DEV Purpose in the QMC
QlikServer3: Rim node - Act as a Qlik Sense Engine and configured as PROD Purpose in the QMC
Configuration:
Now you will need to created two addition LoadBalancing rule
With this scenario, "My work" will not appear when pointing to the prod virtual proxy and no unpublished application will be available on the prod engine.
Hope this helps!
Hello @jpjust,
This really depend on how your environment looks like but here is a scenario with 3 nodes that would allow you to achieve the described outcome. Hope this will help you applying something similar in your environment.
Environment:
QlikServer1: Central node - Act as a Qlik Sense Proxy
QlikServer2: Rim node - Act as a Qlik Sense Engine and configured as DEV Purpose in the QMC
QlikServer3: Rim node - Act as a Qlik Sense Engine and configured as PROD Purpose in the QMC
Configuration:
Now you will need to created two addition LoadBalancing rule
With this scenario, "My work" will not appear when pointing to the prod virtual proxy and no unpublished application will be available on the prod engine.
Hope this helps!
Thanks Bastien. Really appreciate it. I will try it out.
I have attached my environment here. Based upon my environment, do you suggest any changes from what you have outlined above?
I would like to have this same security implemented for root admin as well.
Thanks
It is difficult to say only based on this screenshot.
The one tip that I can give you is to not use the Central node engine in the Production Virtual Proxy (In the load balancing section)
The central node has the particularity to have access to every app and there is nothing that can be configured to prevent that.
Finally the scenario I have presented will also apply to root admin yes.
Ok Thanks Bastien. I will give it a go.
Let us know how it goes and if you need additional help along the way.
Hi Bastien - I implemented that rule. Then all the apps from Dev stream (Logged to dev url ) vanished including tre apps on my work folder.
No change in Prod url, every stream and the apps are visible including my work folder.
If you need any information from my environment, please let me know.