Qlik Sense allows for flexible assignment of user access rights by utilizing Security Rule.
This article is meant to help in identifying if a Security Rule is causing an issue. For information on how Security Rules operate, please see the official Qlik Sense Help site for your respective version > Designing access control > Security rules evaluation
Each time a user requests access to a resource, Qlik Sense evaluates the request against the security rules in the Qlik Sense system. If at least one rule evaluates to True then Qlik Sense will provide the user with access according to the conditions and actions described in the security rule. If no rules evaluate to True then the user will be denied access. The fact that Qlik Sense security rules are property-based makes Qlik Sense very scalable as you can build rules based on properties that apply to groups of users.
As of such, it is possible that multiple custom security rules are in place that are overriding each other, or multiple "Roles" are assigned to a User in the "Users" tab and their rights are conflicting.
This article provide guidance on how to conclude if the issue is caused by Security Rules or by something else.
Also see related article Qlik Sense How to: Use the Audit function to see what access user has to apps in the hub, and what r...
Environment:
- Qlik Sense Enterprise all versions
For Qlik Sense February 2019 (13.9.2), please first refer to Super Admin Security Rule not working
Resolution:
When a user reported an issue, create a super admin role, assign it to that user and see if the issue will be resolved.
1. Go to QMC > Security Rules
2. Click Create new button
3. Enter T-SuperAdmin in Name
4. Enter SuperAdmin for Troubleshooting Purpose in Description
5. Enter * in Resource filter
6. Tick "Create", "Read", "Update", "Delete", "Export", "Publish","Change owner", "Change role", "Export data", "Access offline", "Duplicate" in Action
7. Enter ((user.roles="T-SuperAdmin")) in Conditions
8. Select Both in hub and QMC in Context
9. Press Apply button
10. Go to QMC > Users
11. Select the user who has the issue and click Edit button
12. Click Add role button and select T-SuperAdmin
13. If any existing role or custom properties applied, please remove it
14. Press Apply button
15. Ask the user who reported to do the test and see if the issue will be resolved for that user
Note: Please also ask the user to close all of the existing browsers before start the test.
If the issue resolved:
Security Rule related. Please review existing security rules
If the issue is not resolved:
Not Security Related