Data Connection (Crate a New Connection) Problems - Qlik Community

pgalvezt · ‎2019-11-20

Hello!!

I would like to know why when a user creates a new connection from their new application (New QVF) ... That connection is shared to all other users. How can I avoid that problem. You should only see the connection that a specific user created only in your application and not be seen everywhere. Thank you !!!

Mauritz_SA · ‎2019-11-21

Hi there

I suspect that the default DataConnection grants this access. It is for creating and reading data connections (except folder conenctions) and has no other restrictions so it will allow all users to see the connections available. If I were you I would try to disable it (not deleting or modifying it) and making a copy of it with the following conditions:

resource.owner = user and resource.type!="folder"

You can remove the underlined part if you don't mind users creating or reading folder actions.

I would, however, make sure that all of the apps can be reloaded with this condition.

Regards,

Mauritz

Wilson_Webb · ‎2019-11-21

Hi There,

The reason for this that the Data connection is being shared by default. You can restrict this by applying a security rule to the data connection.

https://help.qlik.com/en-US/sense/2.2/Subsystems/ManagementConsole/Content/create-access-rights-for-...

Mauritz_SA · ‎2019-11-21

Hi Wilson

You cannot restrict access to a resource using a rule when another rule grants access to that resource. You will have to disable the default rule which grants access to the resource and create a version of it with your own restrictions added to the conditions. In this case it seems as if it is a generic rule which needs to be created, if the steps in your link are followed then the default rule will have to be disabled, another rule created to allow users to create data connections, and the rule will need to be added for every single data connection (as they are created) and I don't think anyone has time for (not to mention that you won't have read access before then so the data connections will disappear as soon as you create them 🙂).

Regards,

Mauritz

Wilson_Webb · ‎2019-11-21

Hi Mauritz,

This is why following the correct change request processes in any organisation is imperative. Content Admin is supposed to manage the process of access on connections. We cannot object by saying it is too much work. It is the correct process and it ensures consistency. If you were to log onto any console on any given day and explain more than one processes for the same task, you have consistency issues.

As developers and consultants, we should always be ambassadors of best practice.

Mauritz_SA · ‎2019-11-21

Hi Wilson

I hear what you are saying and I agree, but this is not a best practice question, it is a question as to how to achieve something in Qlik. Since my suggestion is actually limiting the access to data connections more than what Qlik does with the default DataConnection rule I would say there is no harm in doing it.

My main point that I was trying to make when I replied to your answer was that you cannot revoke access using a rule if another rule grants access. How they go about assigning access is up to them, but from the initial question it seemed like it is something they want to do automatically.

Anyways, it was just my 2 cents and ultimately up to them to decide how they manage their server(s) 🙂.

Regards,

Mauritz

Wilson_Webb · ‎2019-11-21

Well Said,

Thanks, Mauritz