Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeffrey_Li
Creator
Creator

Security role problem

Hi, All,

I created the following two security roles. 

CustomizedContentadmin
Resources:Stream_*,App*,ReloadTask_*,UserSyncTask_*,SchemaEvent_*,User*,CustomProperty*,Tag_*,DataConnection_*,CompositeEvent_*,Extension_*,ContentLibrary_*,FileExtension_*,FileExtensionWhiteList_*,SystemNotification_*,FileReference*

CustomizedDeveloper
Resources:App*,ReloadTask_*,SchemaEvent_*,Tag_*,DataConnection_*,CompositeEvent_*,Extension_*,ContentLibrary_*,FileExtension_*,FileExtensionWhiteList_*,SystemNotification_*,FileReference*,Scheduler*

Comparing with CustomizedContentadmin, CustomizedDeveloper role has Scheduler* added, and has Stream_*,UserSyncTask_*,User*,CustomProperty* removed. So basically CustomizedContentadmin role has more resources access than CustomizedDeveloper except Scheduler.  That means for data connections, when users with these two roles log into hub site, they should be able to see the same data connections listed there. However, when roles are applied, users with CustomizedDeveloper role are able to see all data connections in hub, including those connection created by other users. But Users with CustomizedContentadmin role can only see a few data connections. I cannot find what the cause is, and need second eyes on it. Could you help?

Thanks

Bo

1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee

Nothing looks obviously amiss there. On off-hours can you cycle services to see if it's some weird caching issue? That shouldn't be needed but I've seen it come up from time to time.

View solution in original post

10 Replies
andoryuu
Creator III
Creator III

Can you please post a screenshot of each of your security roles with all of the configured properties?  Just the resource filter is not enough to diagnose this issue.

Jeffrey_Li
Creator
Creator
Author

Customized_developer role screen shot

Jeffrey_Li
Creator
Creator
Author

Customized_contentadmin role screen shot

Jeffrey_Li
Creator
Creator
Author

Thanks for your reply. Screen shots have been uploaded

Jeffrey_Li
Creator
Creator
Author

One more thing. CustomizedContentAdmin users also have DeploymentAdmin role. 

Levi_Turner
Employee
Employee

Nothing looks obviously amiss there. On off-hours can you cycle services to see if it's some weird caching issue? That shouldn't be needed but I've seen it come up from time to time.

andoryuu
Creator III
Creator III

Agreed @Levi_Turner .  It's odd.  

@Jeffrey_Li  when you are in the problematic security rule go into the audit pane on the right and filter on a single user that *should* have these read rights and select "Data Connection" as the resource.  Click "Preview" on the security rule to see what comes up.  Does the user show up with a blue block for "R" meaning the rule grants them read rights?  What about if you click audit?  Look for a data connection that they *should* have - what color is the box?   Double click the "R" box - which security rules are displayed and can you provide a screenshot?

One thing that I've seen with security rules is that when trying to do certain security functions for hub activities you need to configure it "Only in Hub" even though you aren't trying to restrict it to hub, per se.  Try that and see if your test user can now see the data connections.  

Jeffrey_Li
Creator
Creator
Author

Thanks @Levi_Turner @andoryuu for your reply. I will find a time to restart the services and let users try again. Will let you know.

andoryuu
Creator III
Creator III

@Jeffrey_Li  You can also try my “only in hub” suggestion before having to cycle the services.