Re: Security rule based on which virtual proxy a u... - Qlik Community

petgr138 · ‎2019-05-23

Hi,

Is there a way to include a condition in your security rules for which virtual proxy a user logs on to?

For example, if the user logs on to virtual proxy A one rule is applied and if the user logs on to virtual proxy B a different rule is used.

Grateful for any suggestions.

Best regards

Petter Grundström

Bastien_Laugiero · ‎2019-05-23

Hello,

I have done some testing and can't find a way to do that (even using custom properties), unfortunately.

The list of available resource condition resources is available here. Maybe there will be one that you can use instead of the virtual proxy.

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

petgr138 · ‎2019-05-23

Hi,

Thanks for the answer!

The only workaround I can think of is to make users who log on to virtual proxy A belong to user directory A and users who log on to virtual proxy B belong to user directory B and then write security rules based on user directories instead.

However, in my case we sync the users with an Active Directory user directory connector which means they automatically belong to the same user directory as in the AD. Is there a way to change which User Directory they belong to?

Best regards

Petter

Bastien_Laugiero · ‎2019-05-23

Hello,

If the users connecting to Virtual Proxy 1 and the users connecting to Virtual Proxy are not the same then you have multiple ways to handle this.

You could, for instance, create an active directory group to differentiate them or even create a custom property in Qlik Sense and base your security rule on that.

I thought that the same users will access both the virtual proxies so that's why I didn't suggest that before.

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

petgr138 · ‎2019-05-23

No, you were right, it is the same users.

The reason I want to differentiate the users based on which virtual proxy is that one of our virtual proxies will give the users elevated access. We have two nodes and one of them should only be used by Super Users, but the Super Users can also access the other node which is used by everyone.

So two nodes with separate virtual proxies but all the users belong to the same User Directory in the AD.

Best regards

Petter

prem1234 · ‎2021-05-31

Hi,

Did you find way to define security rule based on Virtual proxy, We have tried creating virtual proxies A and B for same users.
A will be accesible from Internet and B is only for Intranet. No we would like to restrict export app objects data while users connected to virtual proxy A. Can you please help if this is possible?

Bastien_Laugiero · ‎2021-05-31

Hello!

As far as I know you cannot use the Virtual Proxy directly in your condition.

However I believe you could use the condition "user.environment.ip" since the users are coming from different network.

Here is an example that could help: https://help.qlik.com/en-US/sense/June2019/Subsystems/ManagementConsole/Content/Sense_QMC/access-to-...

Note: To use the user.environment conditions, you must enable Extended security environment in the virtual proxy.

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

Security rule based on which virtual proxy a user logs on to

Qlik Sense

security rule

security rules

virtual proxies

virtual proxy