Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
tmathijssen
Partner - Contributor II
Partner - Contributor II
‎2018-04-16 04:41 AM

Login access token security rule order

Hi,

In what order will the allocation of a login access token be done by a security order?

Example:

- Two pools with each 10 tokens.

  • Security rule pool 1: Usergroup = Login access
  • Security rule pool 2: Usergroup = Login access and Dashboard = Employee

Do i need to specify anything to make sure that a user that has the Employee properties does not uses tokens from pool 1?

1,144 Views
0 Likes
1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee
‎2018-04-17 02:01 PM

Hey Tom,

Yes, I'd expect so.

On my end, I have the following rules:

Pool 1: ((user.userId like "*"))

Pool 1: ((user.userId like "*" and user.name like "*"))

When simulating users, the users use tokens from Pool 1.

So something like Usergroup = Login access AND Dashboard != Employee seems like a valid strategy (may need to experiment with user.dashboard.Empty() potentially).


Hope that helps.

View solution in original post

1,036 Views
0 Likes
5 Replies
YoussefBelloum
Champion
Champion
‎2018-04-16 05:17 AM

Hi,

Maybe mto‌ or ltu‌ can take a look here ?

1,036 Views
0 Likes
dwforest
Specialist II
Specialist II
‎2018-04-16 01:16 PM

I've not seen a way to prioritize rules. I'd guess they'd evaluate in the order defined or possibly to the most restrictive.

Personally, I define my rules to be explicit so there is no question of some getting (or not getting) what they are supposed to.

1,036 Views
0 Likes
Levi_Turner
Employee
Employee
‎2018-04-17 02:01 PM

Hey Tom,

Yes, I'd expect so.

On my end, I have the following rules:

Pool 1: ((user.userId like "*"))

Pool 1: ((user.userId like "*" and user.name like "*"))

When simulating users, the users use tokens from Pool 1.

So something like Usergroup = Login access AND Dashboard != Employee seems like a valid strategy (may need to experiment with user.dashboard.Empty() potentially).


Hope that helps.

1,037 Views
0 Likes
tmathijssen
Partner - Contributor II
Partner - Contributor II
‎2018-04-18 03:32 AM
Author

In response to Levi_Turner

Levi,

So i need to make sure that no overlap in the security rules exists.

1,036 Views
0 Likes
Levi_Turner
Employee
Employee
‎2018-04-18 11:25 AM

In response to tmathijssen

Yes, in this scenario with License Rules. If you want to ensure that a rule will not be evaluated as true to ensure that that pool isn't touched then the schema is:

  • A AND NOT B
  • A AND B
1,036 Views
0 Likes