Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

tmathijssen
New Contributor II

Login access token security rule order

Hi,

In what order will the allocation of a login access token be done by a security order?

Example:

- Two pools with each 10 tokens.

  • Security rule pool 1: Usergroup = Login access
  • Security rule pool 2: Usergroup = Login access and Dashboard = Employee

Do i need to specify anything to make sure that a user that has the Employee properties does not uses tokens from pool 1?

1 Solution

Accepted Solutions
Employee
Employee

Re: Login access token security rule order

Hey Tom,

Yes, I'd expect so.

On my end, I have the following rules:

Pool 1: ((user.userId like "*"))

Pool 1: ((user.userId like "*" and user.name like "*"))

When simulating users, the users use tokens from Pool 1.

So something like Usergroup = Login access AND Dashboard != Employee seems like a valid strategy (may need to experiment with user.dashboard.Empty() potentially).


Hope that helps.

5 Replies
YoussefBelloum
Esteemed Contributor

Re: Login access token security rule order

Hi,

Maybe mto‌ or ltu‌ can take a look here ?

dwforest
Valued Contributor

Re: Login access token security rule order

I've not seen a way to prioritize rules. I'd guess they'd evaluate in the order defined or possibly to the most restrictive.

Personally, I define my rules to be explicit so there is no question of some getting (or not getting) what they are supposed to.

Employee
Employee

Re: Login access token security rule order

Hey Tom,

Yes, I'd expect so.

On my end, I have the following rules:

Pool 1: ((user.userId like "*"))

Pool 1: ((user.userId like "*" and user.name like "*"))

When simulating users, the users use tokens from Pool 1.

So something like Usergroup = Login access AND Dashboard != Employee seems like a valid strategy (may need to experiment with user.dashboard.Empty() potentially).


Hope that helps.

tmathijssen
New Contributor II

Re: Login access token security rule order

Levi,

So i need to make sure that no overlap in the security rules exists.

Employee
Employee

Re: Login access token security rule order

Yes, in this scenario with License Rules. If you want to ensure that a rule will not be evaluated as true to ensure that that pool isn't touched then the schema is:

  • A AND NOT B
  • A AND B
Community Browser