This article provides a step-by-step guide on building a write back solution with only native Qlik components and automations. 

Content:

• Environment
• Write back use cases
• 1. Ticket creation
• 2. Data annotation
• 3. Update records
• Tutorial: ticket creation
• 1. Configuring the button in the app
• 2. Configuring the automation
• Configuring the toast notification
• Reloads
• Limitations

Disclaimer for reporting use cases: this solution could produce inconsistent results in reports produced with automations; when using the button to pass through selections, the intended report composition and associated data reduction for the report may not be achieved. This is due to the fact that the session state of Qlik Application Automation cannot be transferred to the report composition definition that is passed to the Qlik Reporting Service.

Environment

• Qlik Sense app
• Qlik Application Automation
• A business tool that's used as the data source (we'll use HubSpot in this example)

Write back use cases

When analyzing results in a Qlik Sense app, it could happen you spot a mistake in your data or something that seems odd. To address this, you may want someone from your team to investigate this or you may want to update data in your source systems directly without leaving Qlik. Or maybe your data is just fine but you want to add a new record from within Qlik without having to open your business application. These scenarios fit in the following use cases:

1. Ticket creation: create a ticket to ensure a data review or update task will get followed up by your data team
2. Data annotation: add a comment or tag to one or more records in your source data 
3. Data change: add new records or update existing ones
   
   

1. Ticket creation

This is the least intrusive form of writing back that delegates the change to someone in your data team. The idea is that you create a ticket in a task management system like Jira or ServiceNow. Someone from your team will then pick up the ticket, investigate your comment, and review the data. The difference with sending an alert or email is that the ticketing system guarantees that the request is tracked.

2. Data annotation

Another option to communicate changes is to write a comment or a tag for one or more records directly to the source system. This could be a comment on a deal record in your CRM or it could be stored in a separate database table if you're loading data from a database.

3. Update records

The final use case allows for updating records directly from within the sheet. Make sure you know who has access to the button before setting this up since this will allow users to change records directly.

Tutorial: ticket creation

All the above use cases can be realized in the same way: by configuring a native Qlik Sense button in your sheet to run an automation. Before you start this tutorial, make sure you already have an app and a new, empty automation. The tutorial has 2 parts:

1. Configuring the button in the app
2. Configuring the automation

1. Configuring the button in the app

To configure the app, we'll use the following native Qlik Sense components:

• Button: Used to trigger the automation.
• Variable input: Used to allow users to specify parameters to use in the automation (for example, a variable to store a comment).
• Container: Used to group the variable inputs and the button for a better user experience.
• Table: Used to easily select records for the data annotation or ticket creation use case.

Steps:

1. Open your app and add the Container component to a sheet that already contains a Table with records. Then add (a) Button to the Container component. To configure the button, click the (b) Container and go to (c) Edit properties on the button. Feel free to give the button a proper label, in this tutorial, we'll use "Create Jira ticket". 
   

   
   

2. Configure the button under the 'Actions and navigation' tab by adding a new action and setting it to 'Execute automation' and configure the automation parameter to use the empty automation you created earlier. You can only configure an automation that you own. It is not possible to configure someone else's automation. Tip: you can use the 'View this automation' link to open the automation editor in a new tab.
   

   
   

3. Check the "Include selections" option. This way, on each click, the button will create a temporary bookmark and send its ID to the automation. The temporary bookmark contains the selections that were active when the button was clicked and also the variable state which contains any values the user has supplied for variables through the Variable Input components.
   
   

   

4. Check the "Run mode: triggered" option as well. This will allow everyone who has access to the sheet to run the automation by clicking the button. If you don't select this checkbox, the automation will be executed over an API call, and only users with permission to run the automation will be able to run it through the button. Currently, only the automation owner has this permission.
   
   
   
   

5. Enable the "Show notifications" toggle, this will send a toast notification back to the user in the sheet after the automation completes. Feel free to increase the duration.

6. Add new variables to your app. Do not use load script variables for this; instead, create the variable through the Edit Sheet page. Create the following variables, only give them a name, and you can leave the other fields blank.
   
   1. title_for_jira
   2. comment_for_jira
   3. assignee_for_jira
      
      
7. Add a Variable Input component for each variable to the Container component that already has the Button from earlier. Re-arrange the components in the Container so the Button is last. Set the 'Show as' parameter for the Variable input for the ticket title and comment to the 'Input box'. For the ticket assignee, set it to 'Drop down'.
   
   Note: you'll find the Variable Input under the 'Custom objects' category.
   
   

   

8. To configure the dropdown, you'll need the user IDs of the possible assignees for the Jira ticket. One way of getting those is to use the List Users block in the Jira connector in an automation. Once you have the IDs, configure the dropdown 'Values' parameter by adding alternative values. The Value should be the user's ID and the Label should be the user's name.
   
   

    

9. Your sheet should now look like this:
   
   

   Tip: using a Container component will allow your variable inputs & button to scale better for smaller screens. 
   
   
   
   

2. Configuring the automation

1. Click the 'Copy input block' button in the Button's configuration section. This will copy a preconfigured Inputs block and Apply Bookmark block to your clipboard to get you started with the automation. Next, click the 'View this automation' link to open the automation editor in a new tab.
   

   
   

2. Right-click in the automation canvas and select 'Paste Block(s)'. Connect the new blocks to the Start block. The Apply Bookmark block will ensure that any selections applied by the user, together with the variables state (whatever the user configured for the variables before clicking the button), are available in the automation session.
   
   

   

3. Add a List Current Selections block, and configure it to use the App parameter provided through the Inputs block. This block will return all records the user selected (because they're sent over through the temporary bookmark).
   

   
   

4. Add the Get Expression block for each variable. Configure it to use the App parameter provided through the Inputs block. Use the following format for the expression, =variablename. For example: =title_for_jira. Do the same for the comment and assignee variables.
   
   

   

5. If you haven't already, this is a good point to make a selection, configure the Variable Inputs and click the button from within the app and make sure that each block is returning the correct selections/variable values. Doing this will make it easier to configure the other blocks.
   
   
6. Add a Create Issue block from the Jira connector and configure the following parameters by using the do lookup functionality. Project, Issue Type & Priority. These will be hard-coded for each new issue.
   
   Tip: use a staging or test project in Jira while building the automation.
   
   
7. Map the expression value for the Summary parameter to the output of the Get Expression Value block that's retrieving the ticket title. Do the same for the assignee and set the Comment variable as the ticket's description.
   
   

   
   
   

8. The deal IDs should be added as a comma-separated list to the issue's Description:
   
   1. Click the description input field and select the output from the List Current Selections block. Click the (a) values list and chose the 'Select first item from list' option on the next screen:
      

      
      

      
      
      

   2. Upon automation run, this will resolve to the first text value selected for the field hs_object_id (which corresponds to the deal ID from HubSpot). To update this to a comma-separated list of IDs, the mapping must first be changed to output a list of all values for hs_object_id. To do this, toggle the formula parsing:

      

   3. Change the final 0 in the formula to an asterisk '*', and turn the formula parsing back on.
      
      
      
      
   4. Click the mapping and choose 'Add formula' from the context menu. Then, search for the Implode formula. This formula will turn a list into a comma-separated list. Configure it to use a comma as a separator:
      
      
      
      
      
      
   5. Do a new test run by selecting multiple deals in your sheet and then clicking the button, this should create a new ticket in Jira with the deal IDs as a comma-separated list.
      

      
      
      
      

9. Add an Update Run Title block to the end of the automation. This will show a toast notification to the user who clicked the button after the automation is completed. Learn more about configuring this and who can see the notification in the next part of this article: "Configuring the toast notification".
   

   
   

   The resulting toast notification in the Qlik Sense app:
   
   

   

Bonus: add a link to the toast notification

Instead of showing a plain message in the toast notification, it's also possible to include a link to point the user to a certain resource. This can be done by configuring the Update Run Title block with the following snippet:

{"message":"Ticket created", "url": "https://<link to jira ticket>"}

Configuring the toast notification

Depending on the button's configuration and the automation run mode, use either the Update Run Title block or the Output block to show the toast notification.

See the below table for each option:

The run mode in the button can be configured by toggling the 'Include Selections' option in the button's settings: 

The run mode in the automation can be configured here in the Start block:

Reloads

After writing back to your source systems, you'll want to do a reload to see your changes reflected in the app. Be mindful of the impact of doing these reloads. If multiple people are using this button at the same time, you don't want to do a reload for each update. 

Problems: 

1. Reload concurrency: the same app can not be reloaded in parallel. If multiple people are using the button at the same time, it won't be possible to do reloads for every click on the button.

Improvements:

1. Partial reloads: use partial reloads to only load new data into the app. This way the reload takes less time.
2. Separate reloads: do not use the automation triggered by the button for reloads. Instead, use a separate process for this. For example:
   1. An additional button on the app that triggers reloads.
   2. A scheduled reload.
   3. Another automation with a "List Incremental" block that runs on a schedule and reads changes from the source. It will trigger a reload only if new records are available in the source. Note: not every connector in automations has an incremental block.

Limitations

1. Public access in triggered mode: when the button is set to run the automation in triggered mode, everyone who can access the sheet and click the button will be able to execute the automation.
2. No impersonation: when the automation runs, it will use the automation owner's Qlik account for the Qlik Cloud & Qlik Reporting connectors. It's not possible to impersonate the user who clicked the button. This means that any form of section access is not applied to the user who clicked the button. 
3. No parallel runs: the automation can not run in parallel. New runs get queued with a maximum queue size of 200 runs.
4. Execution token is visible: when the button is set to run the automation in triggered mode, clicking the button exposes the automation's Execution Token from the network traffic in the developer console. This token can only be used to trigger that automation and has no use for other automations or other APIs. Generating a new token can be done by copying the automation.
5. Toast notification timeout: the button will wait on the automation for a maximum of 10 minutes to return the toast notification. If the automation takes longer, it will still run to completion, but no toast notification will be shown.
6. General limits: more information on limitations can be found here: 
   
   1. Button limits
   2. Automation limits

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Most Qlik Web Storage Provider Connectors require an encryption key. If no key exists, the following error will be displayed when authenticating:

Error retrieving the URL to authenticate: ENCRYPTION_KEY_MISSING - you must manually set an encryption key before creating new connections.

Resolution

General information, as well as a list of which connectors require an encryption key, can be found in Setting an encryption key | Qlik Connectors Help.

The actual generation of a key depends on your organization's best practices, but we can provide you with an example on how to go about it with OpenSSL:

The below example is not supported by Qlik Support. Review it with your local security office to see what method your organization follows.

1. Download and install OpenSSL.
   See https://slproweb.com/products/Win32OpenSSL.html
2. Open the OpenSSL folder (default C:\Program Files\OpenSSL - Win64\bin).
   
   
   
   
3.  Open the command prompt as an administrator and run these commands:
   1. cd C:\Program Files\OpenSSL -Wind64\bin
   2. openssl rand -base64 256
      
4. Copy and save the successfully generated key. 
   
   
   
   

5. Follow the instructions on how to set the encryption key in Qlik Sense Enterprise on Windows and/or Qlik Sense Desktop:
   
   Setting an encryption key on Qlik Sense Enterprise on Windows 
   Setting an encryption key on Qlik Sense Desktop 

6. Create the data connection. 

Related Content 

Setting an encryption key | Qlik Connectors Help
Setting an encryption key on Qlik Sense Enterprise on Windows 
Setting an encryption key on Qlik Sense Desktop 

Environment

Qlik Sense Enterprise on Windows 
Qlik Sense Desktop 

Qlik Web Connectors allows loading Excel files (xls, xlsx) hosted in online file storage services such as Box, Dropbox, Google Drive and OneDrive directly into QlikView and Qlik Sense without having to save the file to disk first.

Different methods need to be applied to fetch files depending on what edition of Qlik Sense is used. 

• With Qlik Sense SaaS Editions (Qlik Sense Enterprise Business and Qlik Sense Enterprise on Cloud Services), Qlik offers a number of built in connectors. See Built-in Qlik Web Connectors for a list of available connectors. 
• With Qlik Sense Enterprise on Windows, Qlik offers Standard and Premium web connectors for install. See Data sources included in Qlik Web Connectors. 

With Qlik Sense SaaS Editions:

Note that the in-built Web Connectors are available are:

• Google Drive
• Dropbox

Unavailable at the moment are:

• OneDrive
• Box
• Sharepoint getfile and download file

To connect to, for example an excel file, stored on Google Drive:

• Open a Qlik Sense App
• Navigate to Add data

• Choose Google Drive

• Click Authenticate and follow the Google Drive authentication steps
• Copy the authentication code and paste it into the provided text bar
• Click Verify

• You can now choose supported files.

More information: Managing data sources in spaces. 
You can add data files and data connections directly in shared and personal spaces. This enables data sources to be added outside of apps for use by other space members.

With Qlik Sense Enterprise on Windows:

We use the query GetRawFileAsBinary of the appropriate connector in Qlik Web Connectors.

Once the binary content is sucessfully loaded in Qlik Web Connectors web console, you can create a webfile connection in QlikView or Qlik Sense to load data from Qlik Web Connectors.

• Choose the connector (for this test we are using the Qlik Box Connector)
• Select the query ListFilesAndFolders to identify the ID of the Excel file you want to load
• Run the query with the Folder ID parameter left blank
• This returns all files and folders in the root folder of the Box account
• Copy the ID of the folder which the Excel file is located in and paste it into the Folder ID parameter of the ListFilesAndFolders query
• Run the query again
• This will list all the files in the subfolder
• Copy the ID of the file we want to load
• Switch to the query GetRawFileAsBinary, choose Parameters and fill in the File ID
• Click Save Inputs & Run Table
• In our example, no Data Preview is shown. 
• Obtain the URL to use by switching to the QlikView tab and copying the connection string 

In QlikView:

• Open QlikView and the Script Editor
• Select Web Files...
• Paste the link previously obtained into the Internet File text box
• Click Next >
• Proceed to load in the table

Related Content:

SaaS Topics:
Managing data sources in spaces.
Built-in Qlik Web Connectors
STT - Reloading Your Data in Qlik Sense Business

WebConnectors (not SaaS):
Data sources included in Qlik Web Connectors
Google Drive and Spreadsheets
OneDrive
Dropbox
Qlik Web Connectors authentication fails with error "Could not establish trust relationship for the SSL/TLS secure channel"

Starting at Qlik Sense Enterprise on Windows May 2021, the bundled PostgreSQL has been upgraded to version 12.5.

However, PostgreSQL 12.5 will only be deployed during a fresh installation of Qlik Sense Enterprise on Windows May 2021. This means that, if you are upgrading to Qlik Sense Enterprise on Windows May 2021, PostgreSQL will remain on 9.6.

For many organizations, running on the latest supported PostgreSQL version is a security requirement. To achieve this:

• Move Qlik Sense database to standalone PostgresSQL database in which case you will have control of which PostgreSQL version is deployed as long as it is supported by the system requirements
• Continue to use the bundled PostgreSQL with version 12.5 (see the process below)

Content:

• Step 1: Upgrading your Qlik Sense site
• Step 2: Backing up your Qlik Sense site
• Step 3: Uninstall Qlik Sense on the central node
• Step 4: Install Qlik Sense Enterprise on Windows May 2021 on the central node
• Step 5: Restoring your Qlik Sense site

The information in this article is provided as-is and to be used at your own discretion. Depending on the tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

This process requires a full reinstallation of the product. Despite the fact that a backup is being taken as part of the process, it is highly recommended to have a second backup plan in place such as a Virtual Machine snapshot and/or a Server Backup.

It is highly recommended to test this process in a test environment to get familiar with it.

Step 1: Upgrading your Qlik Sense site

The first step is to upgrade your environment to Qlik Sense Enterprise on Windows May 2021 following the steps and recommendations provided on this link.

Once the upgrade is done make sure your Qlik Sense site is completely operational.

Step 2: Backing up your Qlik Sense site

At this point, you have an operational Qlik Sense site running on Qlik Sense Enterprise on Windows May 2021, however, the bundled PostgreSQL is still on version 9.6.

The next step will be to backup your entire Qlik Sense site following these instructions (including the certificates) . The backup is essential as it will need to be restored later on.

Step 3: Uninstall Qlik Sense on the central node

You will now need to uninstall Qlik Sense from the central node following these instructions.

During the uninstall:

• Have all rim nodes stopped.
• Don't check the box Remove Qlik Sense demo apps, certificates, and data folders.
• After uninstall and before reinstall rename C:\programdata\qlik to C:\programdata\qlik.old and rename C:\program files\qlik to C:\program files\qlik.old (if you changed it on another drive adjust accordingly)

Step 4: Install Qlik Sense Enterprise on Windows May 2021 on the central node

Now that Qlik Sense Enterprise on Windows May 2021 is uninstalled on the central node, you will reinstall it as a result will deploy a bundled PostgreSQL 12.5. Instructions available here.

• select the same host name and database settings as before
• The file share can point at a temporary one since you will take the original one again after restoring the QSR database in step 5.

Do not check the box Start theQlik Senseservices when the setup is complete at the end of the installer.

Step 5: Restoring your Qlik Sense site

You now have a clean Qlik Sense Enterprise on Windows May 2021 deployed on your central node with PostgreSQL 12.5. You now need to restore your environment to retrieve all your configurations and apps.

Please follow the Restoring a Qlik Sense site (including the certificates).

Note: While restoring the database backup you will most likely receive the following error which can be ignored. This error is caused by the version discrepancies between the pg_dump that made the dump file and the pg_restore that's restoring it - in example files coming from PostgreSQL version 9.6 vs files coming from PostgreSQL version 12.5. QSR backup taken and restored with the same version of PostgreSQL will not produce that error.

pg_restore: while PROCESSING TOC:
pg_restore: from TOC entry 3; 2615 2200 SCHEMA public postgres
pg_restore: error: could not execute query: ERROR: schema "public" already exists
Command was: CREATE SCHEMA public;

pg_restore: warning: errors ignored on restore: 1

Once the environment is restored, you should be able to start your central node and rim nodes successfully.

Environment

Qlik Sense Enterprise on Windows May 2021 and later

Error 429 (Too many requests) is returned in September 2020 and later when uploading a big number of files.

Environments:

• Qlik Sense Enterprise on Windows September 2020 and later releases

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Resolution

This is due to the new DoS (Denial of Service) protection in those versions. Error 429 will happen more than 60 upload requests are sent in a 30 seconds time frame.

This protection can be disabled. Qlik does not recommend disabling DoS attack protection. 

In C:\Program  Files\Qlik\Sense\Repository\Repository.exe.config file, set the following option to false to disable it.

<add key="UseDosProtector" value="false"/>

Qlik cannot be held responsible for any damage caused by a DoS attack if the above option has been disabled.

Currently, in Qlik Application Automation it is not possible to export more than 100,000 cells using the Get Straight Table Data block.

Content:

• Full Automation
• Steps to set up the variables
• Automation structure

To overcome this limit, the workaround is to export records in batches from the Qlik Sense straight table to the cloud storage platform of your choice. The prerequisite is to have a unique numerical field in your dataset. If you don't have the unique field in your dataset, you can add it using RowNo() function in the load script as shown below. This counts the rows in the dataset.

In this example, we will export data from the Qlik Sense straight table to Dropbox as a CSV file.

You can also find an exported version of this automation and application attached to this article. More information on importing automation can be found here.

Full Automation

Automation Part 1

Automation Part 2

Automation Part 3

Steps to set up the variables

1. vAppId: Variable used to define your app ID.
2. vSheetId: Variable used to define your sheet ID.
3. vTableId: Variable used to define your straight table ID.
4. vFieldName: Variable used to define the field name on which the straight table data should be filtered based on the selection applied using the Select Field Value By Query block.

Automation structure

1. Add the Create Measure block to the automation and configure the Measure Expression parameter by providing an expression that calculates the number of rows in the dataset. In this example, I have added RowNo( ) as a unique field to the dataset, so the expression used is count([RowNo( )]).
2. Add the Get Measure block to get the number of rows in the dataset.
3. Store the number of rows obtained from the previous step in the vNRecords variable.
4. Delete the measure created using the Delete Measure block.
5. Add the vNLoops variable to calculate the number of loops that can be used to export straight table data in batches. Please note the formula used in the variable. Edit it to suit your needs. Change the 10000 value as you want but keep in mind that too many records could exceed the Get Straight Table Data block's 100,000 cells limit.
   
   
   
   
6. The Custom Code block creates a list with items 1 to n where n is the number of loops calculated in the previous step.
7. Add Create File on Dropbox block to create a new CSV file in Dropbox. You can select any other cloud storage connector, just remember to configure the relevant value in the Path parameter. The Qlik Sense straight table data will be exported to this file.
8. Add the Select Field Values By Query block to apply selection to the unique identifier created in the dataset to fetch only one record from the Get Straight Table Data block.
9. Add Write Line To File on Dropbox block to add straight table keys as column headers to the CSV file.
10. Add Loop block to loop over the list created using the Custom Code block.
11. Add Condition block to check if it's iterating over the 1st item, if yes set vRecordsStart variable value to 1, else set vRecordsStart variable value to vRecordsEnd variable. The vRecordsEnd variable represents the last record that needs to be fetched from the straight table during each iteration. Please note the formula used in the variable. The value under the Value 1 parameter in the Multiply formula should match the value provided in the Divide formula of the vNLoops variable.
    
    
    
    
12. Add the Select Field Values By Query block to apply selection to the unique identifier created in the dataset to fetch the records between vRecordsStart and vRecordsEnd variables from the Get Straight Table Data block.
13. Add Write Line To File on Dropbox block within the Get Straight Table Data block which writes each straight table data into the CSV file. Configure it to use the output from the Get Straight Table Data block as the Data parameter.
14. Add Save And Close File on Dropbox block and configure the file parameter to use the CSV file we have created.

Environment

• Qlik Cloud
• Qlik Application Automation 

The following is a compatibility matrix for Qlik NPrinting May 2021 through May 2023 with QlikView:

Qlik NPrinting May 2023 IR will be released May 30, 2023.

Related Content:

QlikView - May 2023 IR
QlikView May 2023 release and Qlik NPrinting: Do not upgrade QlikView if you use Qlik NPrinting  

Joint customers of Qlik and Alation were dancing for joy the minute they realized that there was Qlik Application Automation Connector for their Alation Cloud Catalog. 

If reading that phrase was difficult for you, it's ok. It took me a dozen takes trying to say it when I recorded the video you will find below. Powerful, but such a tongue twister. 🤣

Connecting

Like with any of the Qlik Application Automation connectors, to get started you will need to drag any of the many many many blocks to your canvas. 

Then you will need to establish the connection parameters. Simply provide the name you wan to use for your connection, your login credentials for your Alation Cloud Catalog tenant and lastly your "instance_name." Please notice below you DO NOT want to input the entire instance, just your specific company name that is part of the full name. 

Use Case

Considering the fact that I had to scroll for 10 seconds just to make the GIF file above showing the many blocks I suppose I better narrow the use case for the rest of this post down for you ... the main block that I wanted to show you was the brand spanking new block "Add Object to BI Server."

The use case that block was built to support was any scenario where you wanted to build your own user defined hierarchy within Alation. So I chose a use case that affords us the perfect opportunity to do just that ... We will be exporting all of the METADATA about my applications to my Alation Cloud Catalog. [Notice I didn't say saving our applications or sharing our data. I'm just talking about the metadata that describes our applications.]

Spaces --> Applications --> Sheets --> Objects

Thus the goal at the end is to have a folder in your Alation Cloud Catalog for each of your spaces, and inside a list of each of your applications that are part of that space, and inside that a list of each of your sheets that are part of that application, and inside of that a list of all of your objects that are part of that sheet. 

I have attached a copy of the Qlik Application Automation project/workspace for you "SendSpaceToAlation.json". So if you want to feel free to upload the workspace into a new Qlik Application Automation and you can follow along.

One thing you will notice in the project, and in the accompanying video, is that I intentionally put two Conditional blocks in my Qlik Application Automation: One that checks for a particular Space name and only goes through the process for it, and a second that checks if the Sheets are public or not. It's always good practice to limit what you are doing so that it's easier to validate everything in an isolated fashion. Once you get it working you can simply drag everything from the Yes condition of the space out, remove the condition and then output all of your spaces. Likewise, if you wish to catalog all of the metadata from your personal sheets in the application feel free to do that. Understand, that they are YOUR personal sheets, not everyone else's.

BI Server

The blocks that I utilize as part of this automation, "Add Folder to BI Server", "Add Object to BI Server", both require you as their names suggest to identify your target BI Server.  If I was just building the attached project for myself then perhaps I would utilize Qlik Application Automation's ability to simply select my BI Server from a lookup: 

If you have ever watched my You Tube series on Qlik Application Automation you will know I'm kidding. I don't like having to worry about maintenance so I typically make everything a variable. Especially when it is something like the Alation Cloud Connector Server ID that I will use multiple times throughout the project. Which works out well for you because that means when you get a .JSON project from me, like the one attached, all you need to do is modify a few variables and you are up and running. 

If you don't know the Server ID to use you have 3 options:

1. Go ahead and choose it 1 time from the lookup and it will give you the ID

2. If you are in your Alation Cloud the Server ID will be listed in the URL path

3. You could swap out the blocks to use the small "List BI Servers" block I left in this project for you. It provides you the same list that shows up if you use the Lookup functionality.

Sleep

My lack of sleep is none of your concern. However, you do need to be aware of the importance of "sleep" when it comes to the Alation Cloud Connector API's. You see they are Asynchronous. Meaning they don't make you wait while they are off and doing their thing, they return control to you immediately so you can multi-task. That is normally a great thing, but in this case we have an issue. I can't add Applications to a Space that doesn't exist yet. I can't add Sheets to an Application that doesn't exist yet. I can't add Objects to a Sheet that doesn't exist yet. 

Hence, the need for sleep. Not for you or I, but for the automation. So you will see several blocks within the project set to sleep for X number of seconds after calling the Alation Cloud Connector API's. As I point out in the video depending on your environment you may need to adjust those wait times. 

Seeing is Believing

Now that I have laid the ground work for what the use case and the special situations we are dealing with here is a video that will walk you through the project and let you see what the outcome would be in your Alation Cloud tenant. 

Above and Beyond

Hopefully, I have provided enough information in text/video to get the attached template working in your environment. But that's really just the beginning. If you listened carefully I showed an alternative template where I created a folder called Sheets under the Application, then put all of the Sheets in it. Perhaps your next step is to make that work as well.

The most important thing about that suggestion was to leave room for other folders under the Applications like "Master Dimensions", "Master Measures" and "Master Visualizations." How cool would that be? 

While I could have handed you a project template that did that for you, the most important reason I post content or share content is for YOUR LEARNING. I aim to provide enough to get you comfortable/confident working with new things like this Qlik Application Automation Connector for your Alation Cloud Catalog. 

Whether you succeed or fail at the challenge, please feel free to share below. After all, that is what Qlik Community is all about. 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

At QlikWorld 2020 I'm hosting a session called "Top 10 Visualization tips". Here's the app I used with all tips including test data. Tip titles, more details in app:

* Charts *
Parliament diagram
Scatter with trackline
Calendar Graph - Month view
Calendar Graph - Year view
Meteogram
Spiral plot
Rank chart
Slope graph
Timeline chart
Candlestick chart
Range chart
Ridgeline chart
Stream Graph
Chord diagram
Coxcomb chart
Race chart

* UI tweaks
Toolbar toggle
Hide toolbar
Hide selection bar
Hide sheet title
Hide popup buttons
Hide Pivot buttons
Hide search bar
Hide three nav
Watermark
Center titles
Highlight rows
Larger scrollbars

* Dev tips*
Scatter overlap
Persistent colors
Color thresholds
Trellis container
Responsive and mobile tips
Include from Github
Tooltip table
Radial bar charts
100% bar charts
Title and text matters more than we think
Thumbnails
Quarterly month average
Image to chart
Magic quadrant
Link to app

I want to emphasize that many of the tips are invented by others than me, I tried to credit the original author at all places when possible. Many of the tips have been published before on the Qlik Community, the app below can be viewed as my current top picks.

If you liked it, here's more tips in the same style:

• Sense Visualization tips part VI
• Sense Visualization tips 2021 part V QlikWorld
• Sense Visualization tips 2020 part IV
• Sense Visualization tips 2019 part II
• Sense Visualization tips 2019 part I

Similar but for Qlik GeoAnalytics :

• Qlik GeoAnalytics tips 2020 QlikWorld
• Qlik GeoAnalytics tips 2019 Qonnections
• Qlik GeoAnalytics tips 2018 Qonnections
  

Thanks,
Patric

You can install or remove Qlik Sense Extension bundles from your Qlik Sense deployment at any moment. If you have a multi-node installation, Qlik Sense Extension bundles are installed on the central node.

For information on how to install or import other extensions not delivered in our Qlik Sense Extension bundles, see: Installing, importing and exporting your visualizations on Qlik Help.

Note: All these steps need to be carried out in the Programs and Feature section of the Control Panel. You cannot modify or uninstall the bundle from the Add and Remove Programs menu.

Qlik Sense Enterprise on Windows (Server installation):

1. In Control Panel, open Programs and Features.
2. In the list of programs, double-click the extension bundle that you want to install or remove.
3. The Extension Bundle Setup Wizard opens. Click Next.
4. Select Change.
5. Accept the End-User License Agreement and click Next.
6. On the Custom Setup screen, click on the bundle icon to select how to modify the bundle installation:
7. If the bundle is installed, select Entire feature will be unavailable to uninstall it.
8. If the bundle is not installed, select "Entire feature will be installed on local hard drive to"
9. Then, click Next.
10. Install / Remove the bundle(s).
11. Click Change.
12. When the setup modification is complete, a message invites you to manually restart the Qlik Sense Repository Service.
13. Click Finish to close the Extension Bundle Setup Wizard.
14. Manually restart the Qlik Sense Repository Service to make the changes effective.

You can verify that the changes have been correctly applied by checking the Extensions section in the Qlik Management Console (QMC).

Qlik Sense Desktop:

You can add or remove extension bundles from your Qlik Sense Desktop installation at any moment.

Do the following:

1. In Control Panel, open Programs and Features.
2. In the list of programs, double-click the extension bundle that you want to modify.
3. The Extension Bundle Setup Wizard opens. Click Next.
4. Select Change.
5. On the Custom setup screen, click on the bundle icon to select how to modify the bundle installation:
   • If the bundle is installed, select Entire feature will be unavailable to uninstall it.
   • If the bundle is not installed, select Entire feature will be installed on local hard drive to install it.

   Then, click Next.

6. Click Change.
7. Click Finish to close the Extension Bundle Setup Wizard.

Related Content:

If after uninstalling/reinstalling the Extension Bundle, specific extensions are not available see also relevant articles below:

• Extension Bundle is not showing up in Qlik Sense HUB but its showing in QMC
• Cannot find the Extension bundle after installation / upgrade to Qlik Sense November 2018 version
• Qlik Sense upgrade or repair fails with Access to path X is denied in install logs

Replicating a table from an MS-CDC source endpoint fails with:

E: Fitness check - failed:

Resolution

When MS-Replication is enabled on the source, it creates an MS-Replication log reader job, which then reads from tlogs and populates the distribution database with the changes.

When you apply MS-CDC at the same time on the source, this creates an MS-CDC capture job, which then also reads from the tlogs, but populates the change tables.

The MS-CDC capture job could not run as the sp_repldone process, which marks the changes out the logs as replicated, could be owned by only one job. The sp_repldone process will in this situation be owned by the MS-Replication log reader job.

To mitigate this, make the following changes for your MS-CDC endpoint:

1. Open the Qlik Replicate console
2. Locate your SQL (MS-CDC) endpoint
3. Switch to Advanced 
4. Add the following Internal Parameter: skipMscdcJobFitnessCheck 
   

This tells Qlik Replicate MS-CDC not to check for the MS-CDC capture job as it doesn’t rely on it.

For more information on how to add Internal Parameters, see: Qlik Replicate: How to set Internal Parameters and what are they for? 

Environment

Qlik Replicate MS-CDC source endpoint

This article gives an overview of the available blocks in the Alation Cloud Catalog connector in Qlik Application Automation. It will also go over a basic usecase creating a datasource and a table linked to it using this connector.

More information on this connector can be found here: Using the Alation Cloud Catalog connctor

This connector consists of:

• list support for most of the Alation entities, for example: datasources, tables, users, flags, tags, groups, articles, etc;
• create/delete support for entities like datasources, tags, flags, etc;
• search support;
• Raw API support.

There are also a few blocks available for managing metadata and jobs, for example, to trigger or see details of a job. You can use the Raw API blocks in order to configure other endpoints that are not covered by default.

For authenticating, you will need to provide your username, password, and specify your Alation subdomain.

Let's now go over a basic example of how to create a datasource and a table linked to that datasource using the Alation Cloud Catalog connector:

1. Create an automation;
2. From the left menu, select the Alation Cloud Catalog connector;
   
3. Use the 'Search for blocks' input to search for the Create datasource block;
   
4. Drag and drop the block into the automation and link it to the start block;
   
   
5. On the right side of the screen, use the input fields to fill in the information about the datasource.
   
6. Use the 'Search for blocks' input to search for the Create datasource table block;
7. Drag and drop the block into the automation and link it to the Create datasource block;
   
8. On the right side of the screen, use the input fields to fill in the information about the datasource table. In the datasource id field, use the example output from the previous block to add the id.
   
9. Run the automation. This will create a new datasource in your Alation Cloud Catalog account and a table linked to that datasource. Notice that the Create datasource block returns the created object as output, but the Create datasource table block returns only a job_id as output. To get more info about the job, you can use the Get job status block.
   

    

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Before reading this, please refer to the official QlikView Authentication - Qlik Online Help and your specific version for details. 

QlikView allows for a number of 3rd party, custom authentication methods to be implemented, which may leverage an Identity Provider (IdP) of choice. However, many aspects of this integration is limited to best-effort support from Qlik Technical Support. See How and When to Contact the Consulting Team?

By default. QlikView only interacts with Windows using the appropriate APIs in the background, allowing Windows to carry out any authentication attempts and passing that information to the QlikView system.  Custom Users in the Directory Service connector are a second option, which allows QlikView itself to do authentication.

Any other user repository will require external, 3rd party implementations.
 

Environment:

• QlikView 

 ! The information in this article is provided as-is and to be used at your own discretion. Depending on the tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

This document includes some possible examples in a QlikView 11 implementation of WebTickets and Header authentication, with examples from .NET, PHP, and LDAP integrations. The examples are provided as is. 

! The document references http://localhost:4730/qtds.asmx, which was a valid URL used in QlikView 10 (no longer supported).
This function has been removed in QlikView 11.

! The document references a WebTicket implementation limitation:
A current limitation is that the QVWS or IIS used in steps 2 and 3 (i.e. the server you collect the ticker from and the server you redirect the user to) must be the same machine.
This limitation no longer applies in the current QlikView 12 and 11.20 versions. 
 

This article gives an explanation of some of the common error messages.

Error 1:

Error 400 - Bad request

Contact your system administrator. The user cannot be authenticated by the SAML response through the following virtual proxy:

Error 2:

SAML mandatory attribute for user ID is missing

Error 3:

SAML assertion is expired

Error 4:

Error 500 - Internal server error

Internal server error

Error 5:

SAML assertion must be encrypted on an unsecured connection

Environment:

Qlik Sense Enterprise on Windows 

Error 400: Bad request

This is the most common error message that is encountered when using SAML. It basically means that the SAML request is malformed, missing some mandatory information, or we are encountering a time sync issue.

Missing Attribute:

The first step to take when this error appears is to check the Servername_Audit_Proxy.txt (C:\Programdata\Qlik\Sense\log\Proxy\Trace)

WARN    QlikServer2    Audit.Proxy.Proxy.SessionEstablishment.Authentication.SAML.SamlAuthenticationHandler    47    82c8cc12-5bf4-42a5-af04-b8e2c64d5c50    DOMAIN\Administrator    SAML mandatory attribute for user ID is missing    0    

The error is sometimes obvious as in the above example. An attribute is missing.

The second step would be to look into the SAML response and see if the SAML attribute you have set for your user ID is in there:

Check if you have an element <saml:Attribute ... Name="Nameofyourattribute" > inside the <saml:AttributeStatement> element.

In this example, the attribute we were trying to use for the User ID is Email. We see that it is not present in the <saml:AttributeStatement> element.

Time sync issue:

Verify that the SAML request is not rejected because it is "expired" or "SAML assertion is expired" and also result in "400: Bad request". This can happen if for example an AWS server with Sense installed on it was not configured to automatically update its date/time settings. The time difference between the identity provider and Sense can then lead to the message being rejected.

In this case, adjust time settings accordingly.

Error 500: Internal Server error:

This can have different reasons but the troubleshooting process is similar to the example above.

In SAML, error 500 usually indicates an error with the certificate used. Either the certificate used is incorrect or does not have the proper Cryptographic Provider.

In order to use SHA-256 in Qlik Sense with SAML, the cryptographic provider for the certificate applied on the Qlik Sense proxy must be "Microsoft Enhanced RSA and AES Cryptographic Provider".
This limitation does not apply to the certificate used by the Identity provider.

The Servername_Audit_Proxy.txt (C:\Programdata\Qlik\Sense\log\Proxy\Trace) will either indicate "could not decrypt data" or an error with ComponentSpace.SAML2.Exceptions.SAMLSignatureException.

SAML assertion must be encrypted on an unsecured connection:

All network traffic has to be encrypted, that means it's mandatory to use the port 443 in order to have a secure connection. 

You may notice fiber loop errors appearing in the Windows, QlikView and Qlik Sense logs.

e.g:

StdServer: Fiber loop (10b74b020) stall detected: last fiber loop iteration started 120917 ms ago.

Fiber loop is an entirely normal error to see and is usually just a sign of a busy server. It may not show any symptoms to the end user.
Fiber-loop stalls indicate a problem with a Windows fiber (a kind of thread) that has taken too long to respond. It shows up in the Windows error logs and the user may experience this a client crash as the session has been closed. If the browser is refreshed then a new session is created.

If the peak memory usage is sufficient to drive the server up towards the upper control limit (High Working Set default is 90%), then one can expect to see some level of degraded performance and unusual failures as the in-engine cache will be mostly drained of memory. The required and recurring re-calculations of results will also use a lot of CPU, and this is also likely the path of explanation for the observed stalls.

Environments:

• QlikView 12.00, 12.10 and 12.20 (November 2017)
• Qlik Sense 3.x , June 2017, September 2017, November 2017, February 2018 and onwards

Cause:

Fiber-loop stalls indicate a problem with a Windows fiber (a kind of thread) that has taken too long to respond.
Generally caused by a busy server that may or may not be oversubscribed (causing peaks in resource usage) and/or by slow network performance particularly when working with large apps stored on network device or share.

Resolution:

It would be more a case of investigating the overall server performance, size of the Apps (if these are very large and stored on a network device) perhaps there are issues with Network speed/performance. 
Any performance issues should be investigated with their local IT team to help reduce the number of fiber loop errors reported.

See What are fiber loop errors in the QlikView server event log? for more details, as well as related content below.
 

Related Content:

• How to start investigating a suspected Qlik Sense Performance issue 

Generating ETL instructions (both basic and all validations) for a data warehouse task fails at random for different tasks with the following error:

Undefined error

Clicking on more details shows no additional information. The same task will generate the instructions successfully at a different time. 

This may occur after an upgrade of the Snowflake ODBC drivers (for example from 2.24 to 2.25.11).

As a troubleshooting step, turning up the Qlik Compose logs to verbose does not capture the undefined error, but the Windows Event logs show a crash of the Qlik Compose service. 

Review the Windows Events (Application) log for Application Errors. Opening the log reveals an error such as:

Faulting application name: ComposeCtl.exe, version 
Faulting module name: SnowflakeDSll.dll
Exception code: 0xc0000005

Resolution

A defect in the 2.25.11 Snowflake driver is causing this issue. Downgrading to 2.25.6 resolves the ‘undefined’ error and prevents the crash.

See Snowflake ODBC Driver Release Notes.

Environment

Qlik Compose 2021.02 and above

IMPORTANT - If you make a support request we might ask you to turn on logging, reproduce the issue and send the relevant log file to us in order to help us identify the issue.

Occasionally, access tokens and other sensitive information might end up saved in the log file - we would recommend before sending us any log file that you first review it and delete anything which looks like an access token, credential or other sensitive information.
The procedure you follow will depend on the Qlik Web Connectors edition you are using.





From where you can either open the log file in your browser or download to disk.

Alternatively, you should be able to navigate to the App_Data folder underneath your Qlik Web Connectorsfolder, locate the GUID for the user who you are using Qlik Web Connectors as and underneath you should find a 'Logs' folder.

The log files are placed in:

[Install_dir]\App_Data\Logs

And the API log files in:

[Install_dir]\App_Data\<User>\Logs
 

To install or upgrade your existing Qlik NPrinting governance dashboard, simply deploy the new QVF  and reload the app: NPrinting Governance Dashboard - version3

If and only if you have altered the engine.config file(s) on your NPrinting Engine computer(s) to change the default 'resolvers-count' value,  then go to the 'deployment summary' sheet and enter the 'resolvers-count' value under 'Available Resolvers'.  This value sets a baseline that the new concurrency metric can evaluate to ensure your NPrinting environment is not core constrained. 

Please enjoy and post comments/suggestions in GitHub preferably, or in the community comments below.  

Version 3.0 (4/12/2022)

Update Details:

-Fixed a bug introduced by NP May 2021 SR3 where the reload fails in the load script:
< Field 'id' not found FROM "nprinting"."public"."task_execution" >

-Updated background colours on the "Task Recipients" Pivot Table to green

Version 2.0 

Update Details:

Deployment Summary Sheet:

• Configurable variable "vResolvers ".  By default this is set to the # logical engine processors. If you have changed  the "content-resolvers" property in the engine.config file(s)  to increase/decrease the number of resolvers in your NPrinting environment,  set vResolvers to the sum of this value in all your engine.config files.  

-New KPI "Peak  Connection Concurrency".  This is the number of unique connections used at any one time by executing publish tasks, subscriptions, on-demand requests, or metadata reload requests. It does not include preview requests.  If this number exceeds 60% of your resolver count, queuing is expected to occur and reports will take longer to run. The metric will turn red indicating it is time to add logical engine processors to your NPrinting Engine(s) to a maximum of 16 logical processors per engine. 

-New KPI "Peak Execution Concurrency". This is the number of concurrent execution requests at any one time . It is the sum of executing publish tasks + executing subscription requests + executing onDemand Requests + executing Metadata reload requests. If multiple reports are running in a single publish task, it counts as just '1' in this resolver . Does not include 'preview' requests.  

Report Delivery Sheet:

-New filters added

Data Connections Sheet:

-New filters added 

-Section Access field (yes/no ) added 

Qlik Lineage Sheet:

-New filters added

-New KPIs added:  Complex reports , Medium reports, simple reports

App Content Sheet:

-new filters added

Task Recipients Sheet:

-new filters added

Execution Analysis Sheet:

• New time chart:  "Active Connections by Type Over Time".  Shows concurrently used connections over time , stacked bar charts splits the type of request using the connection  (Publish Task, Subscription,OnDemand,Metadata Reload) . A Y Axis limit line shows the peak.  It turns red if it exceeds 60% of the vResolvers variable

-New table "Days when Concurrency Exceeded". Shows the number of days where the peak concurrency connections exceeds 60% of vResolvers.  

• New time chart:  "Executions by Type Over Time".  Shows concurrent executions over time , stacked bar charts splits the type of request   (Publish Task, Subscription,OnDemand,Metadata Reload) . A y axis limit line shows the peak over time.

-New table "Peak Concurrency by Day". Shows peak concurrency by day.

Report Performance Sheet:

-Container with 4 distribution plots showing execution length for publish tasks, subscriptions,ondemand requests and metadata reloads.  Colored by status (green = success,  red = failed)

-Container with 4 tables showing detailed executions

• 4 KPIs showing  "Average Publish Task Length", "Average OnDemand Length", "Average Subscription Length", "Average Metadata Reload Length" . 

Users Sheet:

-New Filters added

Execution Log Messages:

-New Filters added

Load Script / Model:

- vResolvers variable set to the sum of logical processors on each NP engine found

• section access field added to connections

• New master date table intervalmatched to executions. 

• vMonthsToLoad variable determines how many trailing months to generate in the master date table (default is 3 months)

Upgrade:

For anybody upgrading you will need to re-edit the data source in the load script and if and only if you have changed the resolvers-count setting in the NPrinting engine.config file .... then after reloading the app , go to the deployment summary sheet and update the vResolvers variable to be equivalent to the same value as 'resolvers-count' in the engine.config. If you have multiple NP engines, sum the number together and set vResolvers to the sum of the values found in the engine.config files.

This article explains how to implement SAML for NPrinting with Azure as the IdP.

Environments:

Qlik NPrinting 

To implement Azure SAML in Nprinting, the following needs to be done:

1. Create your own application in Azure from this menu and choose a name for it.
   
   
   
   

2. Generate a Metadata XML file 
   
   Federation Metadata XML: Download
   
   

3. Configure SAML in NPrinting and upload your metadata file 
   
   See instructions on the following link: Confguring SAML
   
   Below is an example of a working metadata file with only the needed fields, the simpler is to copy the corresponding elements (Azure EntityID, certificate for signing, SingleSignOnService for HTTP-POST and HTTP-Redirect) from the IdP metadata file downloaded from Azure and paste it into the corresponding parts of the code.
   
   Then save the file as .xml and upload it to NPrinting:
   

   <?xml version="1.0"?>
   <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/">
     <IDPSSODescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
       <KeyDescriptor use="signing">
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:X509Data>           
   <ds:X509Certificate>MIIC8DCCAdigAwIBAgIQFUUu6ZQHg5FJ...Ud8tf9A/4A6+2SZm34gf8gcVPTXT/a</ds:X509Certificate>
           </ds:X509Data>
         </ds:KeyInfo>
       </KeyDescriptor>    
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/>
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/>
     </IDPSSODescriptor>
   </EntityDescriptor>​

   
   Alternatively, when you upload the Azure metadata file as is to NPrinting, check the Webengine log file to remove unwanted tags from the Azure metadata file (As there are many tags that are not supported by Azure, it may take some time)
   
   
4. In Azure, configure your Enterprise application created in step 1
   
   The fields that need to be filled in on the Azure side are the 2 below, others are optional.
   
   Identifier (Entity ID):  The Entity ID set up in NPrinting in step 3
   Reply URL (Assertion Consumer Service URL): The correct value can be found in the SP metadata file downloaded from NPrinting
   
   
   
   
5. Make sure you give the correct permissions to the Azure AD users you want to authorize to connect with SAML
   
   
   
   The settings is now completed and SAML authentication should work.
   
   

Potential Troubleshooting Steps

• Remember that the user that logs in must already exist in NPrinting identified by either his email address or DOMAIN\Username (Based on the settings in step 3).
  
  If the authentication fails, the error will be logged in the web engine logs in C:\Programdata\Nprinting\Logs\.
  
  
• If issues are found with the implementation, among other reasons the following may be related:
  1. The email address attribute needs to be the full URL path, not just “emailaddress”
  2. The XML from AD/idp needs to have reference to only one certificate
  3. Irrelevant information in the XML from the idp needs to be removed as NP does not support and can cause errors.

PostgreSQL has identified two security issues. As Qlik Sense Enterprise on Windows relies on PostgreSQL for its repository, we want to provide you with steps on how to mitigate the vulnerabilities.

• CVE-2023-2454
  
  This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users.
  
  
• CVE-2023-2455 
  
  While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.

Resolution

With the next major Qlik Sense Enterprise on Windows release (August 2023), Qlik will update its bundled PostgreSQL database to the latest 14.x version.

As a mitigation for any previous releases, including May 2023, we offer the Qlik Postgres Installer (QPI) to migrate from 9.6 or 12.5 embedded databases to 14.8. We validated PostgreSQL 14.x for all releases back to February 2022.

The Qlik Postgres Installer version 1.3.0 with the updated Postgre SQL version has not yet been released. Watch this article for updates on when it is available. We anticipate to release it in the week of the 28th of May.

There are two possible scenarios which may apply to you:

Scenario 1

Upgrading your PostgreSQL database for Qlik Sense February 2022 (or later) while not having used the QPI yet

Use the new Qlik Postgres Installer (version 1.3.0) to upgrade to Postgres 14.8 and migrate Postgres with QPI. Follow the instructions in Upgrading Qlik Sense Repository Database using the Qlik PostgreSQL Installer.

The Qlik Postgres Installer version 1.3.0 with the updated Postgre SQL version has not yet been released. Watch this article for updates on when it is available. We anticipate to release it in the week of the 28th of May.

Scenario 2

Upgrading your PostgreSQL on February 2022 (or later) if you have already migrated to 12.x within QPI

If you have previously used the Qlik Postgres Installer (version 1.2.1 or earlier), you can simply install the latest PostgreSQL version (within your major release) and install it on top of your current 12.x database.

Steps:

1. Download the latest PostgreSQL installer within the major release you have installed (Download PostgreSQL | Enterprisedb.com).
   
   Example: You have used the old QPI to upgrade to 12.5. You can now easily upgrade to a later version in the same major release, such as 12.15.
   
   
2. Stop the Qlik Sense services. Leave the postgresql-x64-12 service running. 
   
   
3. Run the downloaded installer as an administrator.
   
   
4. The installer will guide you through the upgrade procedure. 
   
   
5. Start the Qlik Sense services.

Related Content

https://www.cybersecurity-help.cz/vdb/SB2023051138
Download PostgreSQL | Enterprisedb.com

Environment

Qlik Sense Enterprise on Windows all versions