Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Mr_Pearl
Creator II
Creator II
‎2022-10-13 12:16 AM

Changing user access rules not taking effect

We provide token based user access to our organisation staff. We have to restrict user access for many people in our organisation. Below are the steps we took but it doesnt work.

1. Virtual proxies --> Authentication --> "No Anonymous user" is our default settings

2. License Usage summary --> User access allocations --> User access rules -->

Resource filter= "License.UserAccessGroup_xxxxxx...",

"Allow access" checkbox selected

"Actions"=changed to new Active directory group that have selected members whom we want to have access.

3. License usage summary --> User access allocations --> Selected individual members who are not in new Active Directory group and then chose "Deallocate" token. Some users disappered from this table and others got "quarantined" in this table.

We expect staff who are not part of new Active Directory group and who are either quarantined or got removed in step 3 above to not to have access. But they are still able to access Qlik sense Hub. What are we missing here?

We tried restarting the Qlik services and treid restarting Qlik server but the removed staff are still able to login into Qlik sense hub. How do we stop them from accessing.

We can we can block the users but that is an endless process for us.

 

Labels (2)
Labels
506 Views
0 Likes
1 Solution

Accepted Solutions
Mr_Pearl
Creator II
Creator II
‎2022-10-16 08:37 PM
Author

In response to Mr_Pearl

Hi @Mark_Little  Thank you for your response.

I understood the issue. All this time I thought rule and token deallocation is not working because Qlik is letting me log into Qlik Sense hub. But later realized that even though access is removed, users can still login but only when they attempt to view an app or create an app, they will get an error message saying they dont have login pass and Qlik does not let them do anything.

View solution in original post

432 Views
0 Likes
5 Replies
Mark_Little
Luminary
Luminary
‎2022-10-13 02:51 AM

HI @Mr_Pearl 

What you have to consider when doing Security rules is that if a rule says a user can do a rule saying they can't won't work. You have to build them up saying this group can do this, this groups can do this. If you create a rule saying every user can do everything it will over rule all other rules

483 Views
0 Likes
Mr_Pearl
Creator II
Creator II
‎2022-10-13 07:14 PM
Author

In response to Mark_Little

Hi@Mark_Little 

When I mentioned I have changed the Active directory group in point 2 above, I meant I have deleted the old active directory group that provided access to many staff and replaced it with new active directory group. Unfortunately I cannot exclude all users in old AD group because some of them are in the new AD group. Please let me know if I didnt understand it right.

466 Views
0 Likes
Mark_Little
Luminary
Luminary
‎2022-10-14 03:08 AM

Hi 

I may be missing understanding, But you can't right a rule to say a group can't do something. You would need two rules, Everyone can do 'x' and old group can also do 'y'

458 Views
0 Likes
Mr_Pearl
Creator II
Creator II
‎2022-10-16 07:07 PM
Author

In response to Mark_Little

Hi @Mark_Little , I tried all the options with security rule but doesnt work. I have been using security rule for years now, I think issue is not in security rule area. There is something else to it. I dont know what.

434 Views
0 Likes
Mr_Pearl
Creator II
Creator II
‎2022-10-16 08:37 PM
Author

In response to Mr_Pearl

Hi @Mark_Little  Thank you for your response.

I understood the issue. All this time I thought rule and token deallocation is not working because Qlik is letting me log into Qlik Sense hub. But later realized that even though access is removed, users can still login but only when they attempt to view an app or create an app, they will get an error message saying they dont have login pass and Qlik does not let them do anything.

433 Views
0 Likes