Qlik Community

Qlik Sense Governed Self-Service

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

Not applicable

Resource Filters for Root Admin?

I am trying to create a Security Rule for Root Admin with the following Resource Filter: App_*,App.Object_*,ContentLibrary_*,DataConnection_*,EngineService_*,Extension_*,PrintingService_*,ProxyService_*,ReloadTask_*,RepositoryService_*,SchedulerService_*,ServerNodeConfiguration_*,Stream_*,User_*,UserSyncTask_*,VirtualProxyConfig_*

I am the default Root Admin and the structure that we have in our org is that we have an AD Group by the name ADMIN_Access, and people who need to be Root Admins are added to this AD Group.

When someone else is added to this AD Group, they are able to open QMC but all the tabs are blank.

When I change the Resource Filter to just: *

the added person has access to all the components of the QMC. Why does this happen?

1 Solution

Accepted Solutions
Not applicable

Re: Resource Filters for Root Admin?

Hi Ashutosh,

You need to add another rule that turns on the QMC Sections that the group will be able to access.

If you look at the GSS rules for QMC Access, there are two rules.  One is for the resources themselves (like you have created) and another for the QMC Sections.

2016-09-20 12_12_43-Settings.png

This is an example of course but you can see the QMC Section reference in the resource filter.

More about QMCSections may be found here in the help: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/create-QMC-organizational-...

and here: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/available-resource-filters...

Hope this helps!

Jeff G

5 Replies
Not applicable

Re: Resource Filters for Root Admin?

Hi Ashutosh,

You need to add another rule that turns on the QMC Sections that the group will be able to access.

If you look at the GSS rules for QMC Access, there are two rules.  One is for the resources themselves (like you have created) and another for the QMC Sections.

2016-09-20 12_12_43-Settings.png

This is an example of course but you can see the QMC Section reference in the resource filter.

More about QMCSections may be found here in the help: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/create-QMC-organizational-...

and here: http://help.qlik.com/en-US/sense/3.1/Subsystems/ManagementConsole/Content/available-resource-filters...

Hope this helps!

Jeff G

Not applicable

Re: Resource Filters for Root Admin?

Thanks for the reply.

What is the significance of " Context" at the bottom left side, below the filter, which has 3 selections

--Both in hub and QMC

--Only in hub

--Only in QMC

I thought that if we select the Context as "Both in hub and QMC" then the user should have access to all resources mentioned in the Resource Filter in hub as well as QMC.

Is this not the case?

Not applicable

Re: Resource Filters for Root Admin?

So context determines where the rule is evaluated.  In the hub, in the qmc, or both.  For the actual resources you may want to set the rule context to both.  For the qmcsections they are only applicable to qmc so set the rule context to qmc.

For more information on how rules work please have a watch of the following video: SecurityRulesFullPresentation.mp4 - Google Drive

Not applicable

Re: Resource Filters for Root Admin?

Hi Jeffrey,

I did try the filter

QmcSection_Stream,QmcSection_App,QmcSection_App.Sheet, QmcSection_App.Story,QmcSection_Tag, QmcSection_Task, QmcSection_ReloadTask, QmcSection_Event, QmcSection_SchemaEvent, QmcSection_CompositeEvent


but this does not work and then I tried QmcSection* as resource filter and it works.


Further, on this site: https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Confi...

it mentions Context as "You can specify whether the security rule should apply: Both in hub and QMC, Only in hub or Only in QMC."

according to which we should not require another rule for QMC access?

Not applicable

Re: Resource Filters for Root Admin?

So the first step is to identify what sections of the QMC a user would have access to.  The next is a rule defining which content they can see in that section of the qmc.  So you do need two rules; one for the section itself, and another for what you want to see in it.