Hi Guys! I am using Qlik Sense server 1.1 The Issue is that yesterday I created a mashup which I wanted to allow anonymous users within our AD to be able to access. It worked fine when I used the login pass rule: user name like value * (for all users). The problem was that when I created this rule the user access users were also recognized as login pass users and since many people were logging in and out it used up all the passes (1 token). This must be because of the anonymous setting. Today I tried adding, AND/OR rules and also adding a new rule to exclude my name but I still get the message that I don’t have an access pass. So the question is how to combine anonymous access for all users in the AD with a couple of user access users without running out of tokens. It only works for me to access the hub after I login at qmc. Is this the only solution for the user access users? I would really appreciate some guidance on this. Thanks!
I don't recommend user name like * as a rule for anything. It's going to get you in more trouble down the road.
To solve the problem you can allocate user access passes manually, or if you have set up an Active Directory UDC and unchecked sync on first login you will get the whole directory.
If you have the directory loaded into Sense you can create user access rules and login access rules based on attributes like AD groups.
In addition, you could create a custom property for specific users you want to have use user access passes. Create the custom property and make it valid for user resources. Then go to the specific users and add the custom property to those users. After that create a user access rule based on the custom property. If the user logging in has the custom property they will get a user access pass, otherwise they will get a login access pass.
The other thing you can do is set up a virtual proxy that does not allow anonymous connections and route your named users through there and create another virtual proxy that allows anonymous and send your login access users through that vp.
Thanks for the reply the problem is that we have around 1500 persons in the AD so grouping them or giving them passes manually will be very time consuming. The purpose is to be able to post some charts on the internal web portal. Is there not a way to come around the problem by not giving the user access users the same rights or something like that?
Sahir, I imagine there is a way through security rules to do exactly what you want, but I'm not understanding the use case completely. If you want you can personal message me and we can chat about what you want to do and see how we may accomplish this with security rules.