Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi, I'm trying to check and explore the content library in Qlik Sense. I have created the content library and tried to upload one pic from my local system. Once done I can able to see that image into the respective folder (Static Content) from Qlik Sense server.
Question: When I tried to upload files via data load editor. I can able to see the folder structure details. But some videos its showing shortcut folder path to Qlik sense server.
reference link : https://www.youtube.com/watch?v=TA8qmacWogU (In this video I can able to see the folder shortcut)
please suggest.
Hi @Jack_Guo Yes. We didn't give RootAdmin or Content Admin role. But we created our own rule and give that to particular user. But they need to see only particular folder.
I'm not understand this below one.
you should remove the "Qlik Sense service account" from the folder. Right click on the folder >Properties>Security tab> Remove the "Qlik Sense service account" from the user permission list.
You mean need to remove each folder which one we are going restrict. Is that way?
Hi @balajibc64 ,
if the user is assigned a role and does have view of folder like C or D drive, that means the user is able to see the Windows folders because the windows folders are accessible by Qlik Sense service account, no matter this Qlik Sense user have access to the Windows folder or not.
If the Qlik Service account has Read(at least) access to the folder, then the user will be able to see the folder and files inside the folder in Qlik Sense.
If the Qlik Service account has no access to the folder, then the user will be able to see the folder and will Not be able to see the files inside the folder in Qlik Sense.
If you give the user role to have the view of folder in Qlik Sense, and do NOT want the user to see the specific folder. Then you have to remove the Qlik Sense service account from the user permission list on that specific folder in Windows. But it also affects the other user who have the same role assigned or root/content admin role assigned that those users will not be able to see the files inside the specific folder. Because the Qlik Sense service account doesn't have access to that specific folder.
So the best practice on your case is,
1. Not give any root admin, content admin or customized role that having data connection access to the specific user. Refer to the below article.
2. Let root admin create a folder connection to the specific folder.
3. In QMC>Data Conenction, find and eidt the new created folder connection, in the Security Rule part, create a associated security rule. and give the specific user access to this new folder connection.
4. When the specific user in the app>data load editor, they will see the folder connection in the connection list on the right hand.
5. The above practice will make sure the specific user only has access to the specific folder for data connection. they will not have any view of other folders on the server in C or D drives.
I hope this is clear.
Hi @Jack_Guo Thanks. Let me check.
Hi @Jack_Guo I have checked this "you should remove the "Qlik Sense service account" from the folder. Right click on the folder >Properties>Security tab> Remove the "Qlik Sense service account" from the user permission list."
In my server, we have folder ProgramFiles --> Qlik . Now I want to restrict this Qlik Folder. So I click on the Qlik folder and checked the security tab. But there is no Qlik Sense service account in the (Group or User names part). I can see only Administrators group.
Note: I have checked this administrator group from computer management. This group having all Qlik related account. (Eg. Qlikadmin)
Please suggest.
Hi @balajibc64 ,
I only recommend the below.
So the best practice on your case is,
1. Not give any root admin, content admin or customized role that having data connection access to the specific user. Refer to the below article.
2. Let root admin create a folder connection to the specific folder.
3. In QMC>Data Conenction, find and eidt the new created folder connection, in the Security Rule part, create a associated security rule. and give the specific user access to this new folder connection.
4. When the specific user in the app>data load editor, they will see the folder connection in the connection list on the right hand.
5. The above practice will make sure the specific user only has access to the specific folder for data connection. they will not have any view of other folders on the server in C or D drives.
Hi @Jack_Guo Thanks. But still having some doubt. Below are the things i did.
1. I'm the Admin. I have all access.
2. Created one user and didn't apply role in the QMC under USER tab.
3. Created data connection from QMC. In connection string I gave one path location (path is in server).
4. From Security rule, the default FolderDataConnection disabled this rule.
5. Create one security rule with conditions. select Dataconnection* and action is "READ" and applied some condition. below is the rule.
((resource.type!="folder" or user.name="XXX"))
This is what till now I done. After checked with respective user, yes he can't see the C and D drive folder. He can able to see only folder location which I mentioned in the DataConnection (from QMC) under connection string tab.
But after disabled the FolderDataConnection from security rule, even I can't able to see the C and D drive. Since I'm the root admin user.
Please suggest. Meanwhile will check the other things. I can't able to put screenshot due to policy.
Hi @Jack_Guo Thanks for your support. Its working for me. As per your step I found the solution.
@balajibc64 great to hear it works for you! cheers