Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
mbespartochnyy
Creator III
Creator III
‎2020-10-20 06:17 PM

What does context option mean in QMC Security Rule?

Hello,

This may be a simple question, but I've been curious about Context option when creating a new security rule. This is what I'm talking about:

Security Rule Context.png

This Qlik Support Document says:

"You can specify whether the security rule should apply: Both in hub and QMCOnly in hub, or Only in QMC."

I don't think that needs to be said though. The presence of dropdown tells me that I can specify where the rule should be applied.

What I'm looking to understand are the implications and uses of context option.

Where does it play a role? For example, if I'm creating a rule to grant users access to a stream, it doesn't seem to makes any sense for me to select Both in hub and QMC or Only in QMC options. I would think that if it's a rule to grant users access to a stream, then it would be obvious that the context is Only in hub.

What happens then if I setup stream access rule and set context to be Only in QMC? Will a user now have access to Streams section of QMC and be able to edit specified stream in QMC?

Thanks,

Mikhail B.

Labels (5)
833 Views
0 Likes
1 Solution

Accepted Solutions
Vegar
MVP
MVP
‎2020-10-21 01:30 AM

You are spot on. Giving access to a stream only in hub will give the user access in the hub, but not in the QMC and vice versa. 

Take a look at the built in admin roles and you will see that the most of their accesses are limited to the QMC. 

Vegar
Qlik Community MVP

View solution in original post

799 Views
0 Likes
3 Replies
Vegar
MVP
MVP
‎2020-10-21 01:30 AM

You are spot on. Giving access to a stream only in hub will give the user access in the hub, but not in the QMC and vice versa. 

Take a look at the built in admin roles and you will see that the most of their accesses are limited to the QMC. 

Vegar
Qlik Community MVP
800 Views
0 Likes
mbespartochnyy
Creator III
Creator III
‎2020-10-21 11:31 AM
Author

In response to Vegar

That's good to know. Thanks, Vegar! I'll explore admin roles and see what I'll learn from them.

791 Views
0 Likes
mbespartochnyy
Creator III
Creator III
‎2020-10-29 09:30 AM
Author

I did some testing and confirmed that context does what it is implying, however, going along with example of a stream I mentioned in the question, setting context to Only QMC doesn't actually grant access for a user to Read, Update, and Publish to a stream in QMC. More precisely, in QMC, unlike in the hub, a stream is "hidden" behind QmcSection_Stream resource. If a user doesn't have access to Stream QMC section, they will not be able to read, update, or publish to a stream in QMC even if I create a rule saying that they should be able to do that in QMC.

That's what was confusing me. I was using a test account that didn't have access to QMC. I setup that rule that I mentioned in the question with context set to Only in QMC and went to QMC with the test account thinking that rule will give the account access to QMC and all of the streams, but it didn't. That made me think that context is pointless and doesn't work in certain scenarios when in reality it worked, but there was an additional rule that needed to be created first to allow the user to access Streams section in QMC.

775 Views
0 Likes