Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Accelerate Your Success: Fuel your data and AI journey with the right services, delivered by our experts. Learn More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
t_donnet
Partner - Creator
Partner - Creator
‎2022-10-11 04:56 AM

Limit a RootAdmin to modify Security Rules

Hi,

Context: on Qlik Sense Entreprise, there is two RootAdmin. One of them is the "real" RootAdmin and the second isn't completly. 
The second RootAdmin doesn't have the right to export/duplicate some apps (sensitive data). It's complicated to limited for a RootAdmin role on apps that he shouldn't be allowed. He needs to have all access(HUB/QMC), except on the specific apps and/or to modify security rules (Only read).


How to create a security rule(s) to limit the interaction on the securtiy rules section ?
or
How to create a custom role ("Custom Admin") with full access and limit on specific apps and/or security rules? 

Regards,
Théo

Labels (2)
Labels
729 Views
0 Likes
6 Replies
Jack_Guo
Support
Support
‎2022-10-11 07:26 AM

Hi @t_donnet ,

Hope you can get some idea from the below link

https://help.qlik.com/en-US/sense-admin/May2022/Subsystems/DeployAdministerQSE/Content/Sense_DeployA...

The CustomAdmin role will not have access to the Security Rule section in QMC unless you add resource filter 'QmcSection_SystemRule' in the CustomAdmin QMC access security rule.

Hope this helps.

702 Views
0 Likes
t_donnet
Partner - Creator
Partner - Creator
‎2022-10-11 07:38 AM
Author

In response to Jack_Guo

Hi Jack,

This way is interesting.

Do you have the list of the complete resource?

By the way, this CustomAdmin role will still have the rights to export and duplicate all applications.

Regards,
Théo

697 Views
0 Likes
Jack_Guo
Support
Support
‎2022-10-11 07:45 AM

Hi @t_donnet ,

You can find the list of available Resource Filters via the below link.

https://help.qlik.com/en-US/sense-admin/May2022/Subsystems/DeployAdministerQSE/Content/Sense_DeployA...

Yes, CustomAdmin role can have the rights to export or duplicate all apps. For example, resource filter 'App_*,  Actions 'Export and Duplicate'. Refer to the first link I sent to you in my last reply.

693 Views
0 Likes
Filippo_Nicolussi_P
Support
Support
‎2022-10-11 07:53 AM

You could check an example with screenshots here https://community.qlik.com/t5/New-to-Qlik-Sense/How-to-create-custom-User-Roles-in-Qlik-Sense/td-p/1... . 

Help users find answers! Don't forget to mark a solution that worked for you! If already marked, give it a thumbs up!
690 Views
0 Likes
t_donnet
Partner - Creator
Partner - Creator
‎2022-10-12 07:41 AM
Author

In response to Filippo_Nicolussi_P

Hi Filippo,

Thanks for you help.

 

The idea behind my request is the intellectual protection of scripts. 

How to give most permission to the client user while our apps/scripts is 'protected' ?

 

Regards,
Théo

676 Views
0 Likes
Filippo_Nicolussi_P
Support
Support
‎2022-10-12 10:17 AM

In response to t_donnet

Hi 

From here   in the condition in pseudo code .... and  ( resource.objectType!= "app_appscript" or  resource.objectType!="loadmodel") .... .

Help users find answers! Don't forget to mark a solution that worked for you! If already marked, give it a thumbs up!
670 Views
0 Likes