Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Save $600 on Qlik Connect registration! Sign up by Dec. 6 to get an extra $100 off with code CYBERSAVE: REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
Mr_Pearl
Creator II
Creator II

Changing user access rules not taking effect

We provide token based user access to our organisation staff. We have to restrict user access for many people in our organisation. Below are the steps we took but it doesnt work.

1. Virtual proxies --> Authentication --> "No Anonymous user" is our default settings

2. License Usage summary --> User access allocations --> User access rules -->

Resource filter= "License.UserAccessGroup_xxxxxx...",

"Allow access" checkbox selected

"Actions"=changed to new Active directory group that have selected members whom we want to have access.

3. License usage summary --> User access allocations --> Selected individual members who are not in new Active Directory group and then chose "Deallocate" token. Some users disappered from this table and others got "quarantined" in this table.

We expect staff who are not part of new Active Directory group and who are either quarantined or got removed in step 3 above to not to have access. But they are still able to access Qlik sense Hub. What are we missing here?

We tried restarting the Qlik services and treid restarting Qlik server but the removed staff are still able to login into Qlik sense hub. How do we stop them from accessing.

We can we can block the users but that is an endless process for us.

 

Labels (2)
1 Solution

Accepted Solutions
Mr_Pearl
Creator II
Creator II
Author

Hi @Mark_Little  Thank you for your response.

I understood the issue. All this time I thought rule and token deallocation is not working because Qlik is letting me log into Qlik Sense hub. But later realized that even though access is removed, users can still login but only when they attempt to view an app or create an app, they will get an error message saying they dont have login pass and Qlik does not let them do anything.

View solution in original post

5 Replies
Mark_Little
Luminary
Luminary

HI @Mr_Pearl 

What you have to consider when doing Security rules is that if a rule says a user can do a rule saying they can't won't work. You have to build them up saying this group can do this, this groups can do this. If you create a rule saying every user can do everything it will over rule all other rules

Mr_Pearl
Creator II
Creator II
Author

Hi@Mark_Little 

When I mentioned I have changed the Active directory group in point 2 above, I meant I have deleted the old active directory group that provided access to many staff and replaced it with new active directory group. Unfortunately I cannot exclude all users in old AD group because some of them are in the new AD group. Please let me know if I didnt understand it right.

Mark_Little
Luminary
Luminary

Hi 

I may be missing understanding, But you can't right a rule to say a group can't do something. You would need two rules, Everyone can do 'x' and old group can also do 'y'

Mr_Pearl
Creator II
Creator II
Author

Hi @Mark_Little , I tried all the options with security rule but doesnt work. I have been using security rule for years now, I think issue is not in security rule area. There is something else to it. I dont know what.

Mr_Pearl
Creator II
Creator II
Author

Hi @Mark_Little  Thank you for your response.

I understood the issue. All this time I thought rule and token deallocation is not working because Qlik is letting me log into Qlik Sense hub. But later realized that even though access is removed, users can still login but only when they attempt to view an app or create an app, they will get an error message saying they dont have login pass and Qlik does not let them do anything.