Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi Qlikers,
I want to create a security rule for granting only "Read" access to the data connection I called "TESTING".
First at all, I read part of the documentation published by Qlik and I understood that like Qlik says: security rules are inclusive by design. That means that they permit us to set what kind of access we want to grant to our users and for one or more resources. So, according my understanding, if I create a rule for granting "Read" access to a data connection (folder type) then this user shouldn't be able to create or update any file inside the data connection. Right? I audited the access of my test user "QLIK" on the resource "TESTING" and that's the result:
According the previous screenshot "QLIK" user only can Read and can't update, delete or create anything, is it right? So, why if this user uses the STORE sentence then she can create or update any file inside "TESTING"?
Thanks for your time
Hi @LDR
Unfortunately this is currently working as designed. Update/Delete/Create relates to updating/deleting/creating the data connection itself, not the files inside the folder it links to.
There is unfortunately no good workaround at the moment. You can read more in the below article:
Hi @Damien_V
Oh! what a pity
I voted by the idea so hopefully we'll have some solution in the future.
I'd like to know if the same happens with Qlik Saas, can you confirm me it? I mean, users can overwrite files with a read access permission in a Folder connection.
Thanks in advance
Hi @LDR
"Folder connection" is not available in Qlik Cloud.
You need to store your files on a cloud service such as Amazon S3 or Onedrive, and you should be able to limit the rights on the Amazon/Onedrive side to which user can write to it.
The same approach is also be possible in Qlik Sense on Windows.
Hi @Damien_V
First at all thanks for your answers.
However, I'd like to express my humble opinion:
- To protect who can write inside any Folder Connection should be managed as a "must" and not as a new feature that has to be voted by the community.
Maybe I'm lossing something about this topic but it looks a basic question, users with "Read" permissions can read any content inside a Connection Folder but they can't modify anything unless they have "Write" permissions.
I hope this feature will be included in a close future.
Best regards