Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Open Lakehouse is Now Generally Available! Discover the key highlights and partner resources here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
tduarte
Partner - Creator II
Partner - Creator II
‎2025-07-14 06:58 AM

Which permissions are required for connecting to the QRS API url for the Monitoring Apps REST data connections

Hi,

We would like to change the user account used in the Monitoring Apps data connections but we need to know which permissions are required.
Currently we are using the Root Admin Qlik services service account (used for the installation).

Thanks,
Telmo

Labels (1)
Labels
255 Views
1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee
‎2025-07-16 03:10 PM

In response to tduarte

Whoops, both need to be elevated. Missed that as I was writing a response whilst doing other things.

 

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Reload the License Monitor

3. Elevate the user to RootAdmin (QMC > Users)

or

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Log in as the user

3. Elevate the user to RootAdmin (QMC > Users)

4. Reload the License Monitor

> 2. Why do we need to reload the License Monitor specifically?

It's faster to reload than the Ops Monitor.

3. What are the exact necessary permissions for the new user account to query the QRS as part of the data connection?

 

App*,Event*,License*,Task*,User* ought to work but you'd need to test this. As mentioned, other apps may re-use these connections (via WITH CONNECTION techniques) so if you go custom here, you will need to debug why those apps do not work properly. RootAdmin is documented and will ensure those apps work.

View solution in original post

171 Views
0 Likes
5 Replies
Levi_Turner
Employee
Employee
‎2025-07-15 03:39 PM

RootAdmin is strongly recommended*. What are the challenges facing using the RootAdmin role?

 

* RootAdmins can access all assets. If you were to narrowly scope the permissions to just what exists today, you could face monitoring app reloads should those apps attempt to use a new data connection. Additionally the data connections (and thus the account) is commonly re-used by other custom monitoring apps which may access other paths.

207 Views
0 Likes
tduarte
Partner - Creator II
Partner - Creator II
‎2025-07-16 09:39 AM
Author

In response to Levi_Turner

Hi Levi,

We had a situation recently where the Qlik services domain account got locked (domain policy).
Upon investigation we found out that it was caused by Monitoring Apps reload attempts when the Qlik Sense certificates were regenerated due to some issues with a Qlik Sense upgrade. When the certificates changed, the Monitoring Apps QRS data connections password encryption was affected and it was considered an incorrect password. It caused the RootAdmin account to lock which affected all the QS services.
For this reason, we were wondering whether we could use a separate user account.

195 Views
0 Likes
Levi_Turner
Employee
Employee
‎2025-07-16 09:50 AM

In response to tduarte

Got it. You can absolutely use a separate account. The typical value of using the service account is that service accounts often are not subject to password rotation policies (commonly 90 days in organizations). So just be mindful of either rotating the passwords in alignment of your corporate policies and then adjust the data connections or getting an exception (typically this involves using a very long password).

Create an account in AD, then

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Reload the License Monitor

3. Elevate the user to RootAdmin (QMC > Users)

or

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Log in as the user

3. Reload the License Monitor

The user needn't have a license.

192 Views
0 Likes
tduarte
Partner - Creator II
Partner - Creator II
‎2025-07-16 01:00 PM
Author

In response to Levi_Turner

Thanks @Levi_Turner but I still have a few questions:

1. Why in the first option the user needs to be elevated to RootAdmin and not in the second?

2. Why do we need to reload the License Monitor specifically?

3. What are the exact necessary permissions for the new user account to query the QRS as part of the data connection?

178 Views
0 Likes
Levi_Turner
Employee
Employee
‎2025-07-16 03:10 PM

In response to tduarte

Whoops, both need to be elevated. Missed that as I was writing a response whilst doing other things.

 

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Reload the License Monitor

3. Elevate the user to RootAdmin (QMC > Users)

or

1. adjust the user + password in the QMC > Data Connections section (hint, you can multi-select and edit them all at one time)

2. Log in as the user

3. Elevate the user to RootAdmin (QMC > Users)

4. Reload the License Monitor

> 2. Why do we need to reload the License Monitor specifically?

It's faster to reload than the Ops Monitor.

3. What are the exact necessary permissions for the new user account to query the QRS as part of the data connection?

 

App*,Event*,License*,Task*,User* ought to work but you'd need to test this. As mentioned, other apps may re-use these connections (via WITH CONNECTION techniques) so if you go custom here, you will need to debug why those apps do not work properly. RootAdmin is documented and will ensure those apps work.

172 Views
0 Likes