
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Qlik Sense Enterprise 403 Access was denied errors in Service Repository Logs
Jul 12, 2021 2:18:44 AM
Jul 8, 2021 1:58:08 PM
The Service Repository logs report '403 Access was denied '
The logs can be found here:
C:\ProgramData\Qlik\Sense\Log\Repository\System
You will find 2 different types of 403 Access was denied errors in combination with /qrs/requestaccesstype:
/qrs/requestaccesstype License professional access 403 Access was denied for User: 'DOMAIN\administrator', with AccessID '3a5f6bbc-45f0-4203-b49f-92142a330228', SessionId: '708d4b57-ef6c-4f97-83b5-7374d4d406c9', SessionCount: '5', Hostname: '::ffff:172.16.16.102', OperationType: 'UsageDenied' a8b195ea-5958-4e01-ab74-31d45e14e413
and
/qrs/requestaccesstype Undefined 403 Access was denied for User: 'DOMAIN\administrator', SessionId: '54a77dc2-b9b8-439c-b8fb-93823f6a00a2', Hostname: '::ffff:172.16.16.102', Requested access types: '', OperationType: 'UsageDenied' e1c03b18-e6dd-4623-b3db-3390e7d0c827
Environment
Qlik Sense Enterprise on Windows April 2018 or higher
Reloads in Qlik Sense may generate calls against the Qlik Sense Proxy API. An example is the reload of the monitoring applications.
In Qlik Sense April 2018, the user executing those API calls (by default the Qlik Sense Service account) is now opening parallel active sessions.
This behavior has an impact on User Access Pass Allocation only and was introduced as a consequence of the introduction of analyzer users in the Qlik Sense April 2018 release.
Qlik Sense Service account: "You cannot access Qlik Sense because you have no access pass"
Cause
When making a QRS API call over QPS (like the Operations and License Monitor apps do out of the box), the request will undergo a license check (/qrs/requestaccesstype)
- If they have a license, it will use a session of the license (1 out of 5). If they have exhausted their sessions on the license then it will report UsageDenied (SessionCount: '5',)
- If they do not have a license then it will report UsageDenied, but no SessionCount
These are benign messages and false-positive errors
This was raised as Defect QB-2579, but is considered WAD (Working as designed)
Related Content
Qlik Sense Service account: "You cannot access Qlik Sense because you have no access pass"

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi,
Thanks for this description!
I would only like to have ERRORs in the log on which I should act upon.
Do you know any workaround to prevent the log from containing those errors?
The only other option I see is to create a copy of the sheet I use for monitoring purposes, and suppress the ERRORs I don't want to see. But I don't prefer that option..
Grt,
Suzanne

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @Suzanne_van_der_Tang
We recommend logging a support ticket regarding this with the reasoning you've provided me here. This would help our engineers investigate with RnD if the issue can be re-evaluated.
All the best,
Sonja

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi @Sonja_Bauernfeind ,
Thanks for the reply! I have created a case for this (number 00022726).
Grt,
Suzanne

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
There is a workaround as well.
If you have an issue with this extra benign log entry, you can edit the REST connections to use certificates.
The process is elaborated in the rest connector documentation in the section for how to use certificates in rest connections.
https://help.qlik.com/en-US/connectors/Subsystems/REST_connector_help/Content/Connectors_REST/Create...

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi @JanJorissen ,
Thanks for the reply. I've seen that workaround. Do you know if there are any disadvantages I will encounter when using REST/certificates instead of the current solution?
Grt,
Suzanne