Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik and ServiceNow Partner to Bring Trusted Enterprise Context into AI-Powered Workflows. Learn More!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
simonheap_cph
Partner - Contributor II
Partner - Contributor II
‎2024-03-19 08:28 AM

Splitting permissions over two Security Rules?

Hi there!

How does NPrinting work, if a user is assigned to more than one Security Rule? Do the permissions "add up"?

I'm trying to work out a setup where I can split what NPrinting users can do and what data they have access to. I have some "Data"-roles where each role has access to different apps in the Selected items-section. Also, I have some "Role"-roles that define what the user can do, i.e., roles for a developer, a tester an end user and so forth.

The general idea is, that I have different developers that should be able to do the same stuff: work with reports and tasks. But each developer might work with different data. So, a user always has two roles: one for what data they can see (apps) and one that decides what they can do (create new, edit, delete, view etc.).

I have an admin-role too that sets up the apps and connections as a prerequisite for the above.

Only it doesn't work as I would expect! On the "Role"-roles there is no access to apps, this access is on the "Data"-role. But it is the role with the app permission, that decides what can be done - without an app in Selected items, nothing can be done, no new app can be created and so on.

But if I add the developer's permissions on the "Data"-role where the app resides, then the end user can do the  same as the developer. And that was not the intention...

Hoping someone has tried something similar!

Best regards

Simon

 

Labels (2)
Labels
1,167 Views
2 Solutions

Accepted Solutions
simonheap_cph
Partner - Contributor II
Partner - Contributor II
‎2024-03-19 10:12 AM
Author

This is what I was hoping to avoid. You are missing my point about EndUsers who only use NewsStand and On-Demand buttons in Qlik Sense. I was hoping to have the two roles Developer and EndUsers with different actions allocated, but sharing the same "Data"-security role for the app. I understand from your reply that this is not possible - ?

 

View solution in original post

1,130 Views
0 Likes
David_Friend
Support
Support
‎2024-03-19 10:24 AM

that is correct.

View solution in original post

1,123 Views
0 Likes
6 Replies
Ruggero_Piccoli
Support
Support
‎2024-03-19 10:09 AM

Hi,

About Roles you can refer to https://help.qlik.com/en-US/nprinting/May2023/Content/NPrinting/DeployingQVNprinting/Managing-roles....

You must always have at least one user with the build-it Administrator role. 

You can control access permission at Qlik NPrinting App level and you must select at least one app (or many or all) for each role. So, if you want to create a Developer Role for App1 you will select only that app. Based on your description I think you missed this point, the apps selection. Then you apply this role to the users you want to give those privileges to that App1.

If you want the same users can work as viewers on App2 and App3 you will create another rule, with those 2 apps selected aon only view privileges. Than you will assign the two roles to the users. 

Best Regards,

Ruggero



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.
1,133 Views
0 Likes
simonheap_cph
Partner - Contributor II
Partner - Contributor II
‎2024-03-19 10:12 AM
Author

This is what I was hoping to avoid. You are missing my point about EndUsers who only use NewsStand and On-Demand buttons in Qlik Sense. I was hoping to have the two roles Developer and EndUsers with different actions allocated, but sharing the same "Data"-security role for the app. I understand from your reply that this is not possible - ?

 

1,131 Views
0 Likes
David_Friend
Support
Support
‎2024-03-19 10:24 AM

that is correct.

1,124 Views
0 Likes
simonheap_cph
Partner - Contributor II
Partner - Contributor II
‎2024-03-19 10:27 AM
Author

That calls for a suggestion to a future update 😉

1,117 Views
0 Likes
Ruggero_Piccoli
Support
Support
‎2024-03-19 10:53 AM

In response to simonheap_cph

Hi,

You can create a security role with only On-Demand rights for one app like the following: 

Ruggero_Piccoli_0-1710859868052.png

The other checked rights are needed to enable On-Demand and are automatically activated. 

Best Regards,

Ruggero



Best Regards,
Ruggero
---------------------------------------------
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads with a LIKE if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads with LIKEs if you feel additional info is useful to others.
1,106 Views
0 Likes
Lech_Miszkiewicz
Partner Ambassador/MVP
Partner Ambassador/MVP
‎2024-03-19 06:16 PM

In response to simonheap_cph

Hi @simonheap_cph 

You can always suggest such idea on: https://community.qlik.com/t5/About-Ideation/ct-p/qlik-aboutideation. Thats exactly what Ideation page is for.

cheers

cheers Lech, When applicable please mark the correct/appropriate replies as "solution" (you can mark up to 3 "solutions". Please LIKE threads if the provided solution is helpful to the problem.
1,082 Views
0 Likes