Hello
We have QVF files that use a REST connector to connect to an application and run desired tasks.
I'm asked to secure the calls that run tasks so that the user account used by the REST connector cannot run a task unless that user account has access to the app of that task.
Can someone help me?
The user account running the NPrinting services is NPRINTINGUSER.
The user account running the Qlik Sense engine is MXUSER.
Both are administrators.
Our code looks something like this:
Currently, in the Nprinting_LOGIN we are using NPRINTINGUSER, which is an administrator.
Suppose I log in with my_user_account, for example, and I don't have access to the Times To Validate app: will the above code run? I'm asking because in Qlik it is always MXUSER who is running the processes in the background. So if we log in with a user account that doesn't have access to the app, the script will fail, but it works if we log in with a user account that has access to Times To Validate?
Is this the correct approach?
Hi @ali_hijazi
If you want to secure use of REST GET and POST connections from Qlik Sense to NPrinting you need to apply security rules in QMC to restrict visibility/use of those connections only to accounts you want. You can do that by use of groups or custom properties. Obviously that means you may need to look at how security rules for your environment connections are set and whether
It is the same as having configured connection to database with predefined user in it. Everyone who can see such connection can use it.
Those processes are for scheduled reloads only as having them for any other reason does not make sense given that checking users and allowing them to run tasks manually may be avoided simply by allowing them to run task directly from NPrinting where exactly the same approach can be achieved.
Understanding reasons and full workflow of your problem is probably required as at this stage to me this is binary:
cheers
Hello
I'm not talking about securing REST connections as data connections.
I meant that currently we connect from the REST connector with a user named NprintingUser, and this user account is an administrator; the administrator has access to all apps.
What I want is to use a user in the REST connector that has access to one desired app and thus can run the tasks of that app only.
So if I want to run a task for another app using the same user, but who doesn't have access to the app in the example above, then the script should fail.
So why don't you create another set of GET and POST connections with a user who has access to that app only, and use that pair?
I don't think the REST connector has SSO for connections, so the user ID and password are hardcoded and predefined; the only workaround I can think of would be to have a set of various connections.
Sorry, but I don't think you can manage that in any other way. Maybe others can comment on it.
cheers
@Lech_Miszkiewicz
Yes, this is what I was talking about:
create a pair of GET / POST REST connections for each app or security role.
In each pair I use a user account that is not an administrator and has access to the app that we want to get and run the related reports.
So is this a good approach?
Hi @ali_hijazi,
This is not something that would have "best practices" established, and your requirement is rather unique, so I say just try it and see if it works for you. Is this a good approach? I don't know, but it is the only approach I could come up with when trying to answer your question.
cheers