Re: Qliksense user management in qmc - Qlik Community

Xuser112 · ‎2021-11-08

I have user directory 'A' from which users will come and access qlik streams, apps, and reports. Now I have a requirement that I should allow only a few users into my project stream and nothing else.

I know we can create a security rule that matches only that active directory domain and allow users to the destination.

But there is an issue if we do like that:

Active directory users:

Total: 100

My project users: 50

others: 50

I want only that 50 users into my project stream and don't want other 50 users from the same Active directory.

Roles have been assigned for my project users in the active directory itself like "qliksense project A user" and I want this information to map in qlik qmc so that I can achieve my solution. I know we can assign roles/groups in qmc but I want that process to be automatic because we cannot do that manual thing for 10000 users.

is there any way that fulfills my requirement?

Aaryan · ‎2021-11-09

Hi @Xuser112 ,

I think you can ask your Active directory administrator to create a new group in AD and you can add those users which you want in Qliksense to be part of that group, then you can just use that group as filter in Qliksense LDAP to filter those users.

There are some articles which you can use as reference for creating LDAP filters ,but you can ask your AD admin to provide you exact filter to import these users, by this way you just need to update that group to import users in Qliksense.

--https://community.qlik.com/t5/Knowledge/Qlik-Sense-on-Windows-Configuring-and-testing-LDAP-filters-f...

--https://help.qlik.com/en-US/sense-admin/August2021/Subsystems/DeployAdministerQSE/Content/Sense_Depl...

Hope this helps !!

Thanks

Xuser112 · ‎2021-11-09

Hi @Aaryan , Thanks for your response
as I said earlier in the main post, we already have groups created and filtering that group only. And we are using AD security rule(Domain value) to filter out that AD group.
The problem is :

Lets say, in future a different group from the same AD domain want to access to new Project stream and they should not access old project stream, we have to setup the security rule again (with same domain), then they automatically get access to old project as well because of the same domain.

Maria_Halley · ‎2021-11-09

@Xuser112

Using windows group should work, but then you reliant on your Sysadmin to add new users and groups. But this might not be an issues for you.

You could also use custom properties. You do have to tag the users with the right properties, but you can multi select.

You can then write your security rules ,using the properties, so when you add users you tag them with the right permissions.

There is a good example in this tread

https://community.qlik.com/t5/New-to-Qlik-Sense/Assign-Custom-properties-to-multiply-users/td-p/9469...

And a link to the help

https://help.qlik.com/en-US/sense-admin/August2021/Subsystems/DeployAdministerQSE/Content/Sense_Depl...

Xuser112 · ‎2021-11-09

Hi @Maria_Halley Thanks for your response

I know that we can manually go and select users and can assign roles/groups &properties.

Could you help me to do the same task in automated way(by mapping third party files or db connections to assign roles/groups) because I will be having over 30000 users in future?

Maria_Halley · ‎2021-11-29

@Xuser112

If you use AD groups the users will be assigned a license automatically if you set up a rule that grants license to that group.

I don't know a way to automate adding custom properties automatically, as a far as I know you can't do it. At least not from the QMC interface.

Maria_Halley · ‎2021-12-14

@Xuser112

Did you find a solution for the issue?

Qliksense user management in qmc

Qliksense QMC Security Role