Qlik Community

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

Announcements
IMPORTANT security patches for GeoAnalytics Server available to download: READ DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
Lokeshb31
Contributor III
Contributor III

Qliksense Security Requirement

Hello Folks,

We have a requirement to setup Qliksense security. We have around 20 On-premise AD groups and respective 20 streams in new environment. We want to setup security in such a way that group A will have only read access to stream A, group B will have read access to stream B and so on. 

I know we can create custom property with values A,B,C and create a security rule to grant read access but I am not sure how to integrate those 20 AD groups and assign respective custom property values on group level. 

Please help to achieve this requirement.

Labels (2)
1 Solution

Accepted Solutions
Maria_Halley
Support
Support

@Lokeshb31 

You can create the rule directly using the AD groups. 
In the example below I created the group Qlik in my AD. This rule gives all members of that AD group access to the stream.

 

 

View solution in original post

7 Replies
rohitk1609
Specialist III
Specialist III

AD comes to Qlik as User Directory. You should write the security rule on User Directory.

Maria_Halley
Support
Support

@Lokeshb31 

You can create the rule directly using the AD groups. 
In the example below I created the group Qlik in my AD. This rule gives all members of that AD group access to the stream.

 

 

Lokeshb31
Contributor III
Contributor III
Author

So we dont have to create custom property here, but in that case we need to create 20 security rules, each for one stream. How did you select specific stream in resource filter while creating security rule?

Maria_Halley
Support
Support


@Lokeshb31

 

When you create the stream it will "offer" you create a rule. If you don't do it there , it is probably easiest to the stream itself. On the right side under associated items you can pick security rules and it will let you create a new rule.

 

If you are creating a simple access rule where all users in group A,B,C, ..  should have access to a stream, then you only have to create one rule where all groups are listed with OR statements in-between

 

If you use custom properties you have to manually add them to each user (can be done with multi select) 

Lokeshb31
Contributor III
Contributor III
Author

Thanks Maria. There are other rules associated/inherited with that stream which are geting mixed and allowing publish access as well. Can I delete those other rules? I validated the method you mentioned above using preview and its working. 

 

Lokeshb31_0-1651668587666.png

 

Lokeshb31
Contributor III
Contributor III
Author

Hi Maria,

Can you please confirm if I can delete those security rules to allow only read access to that stream for specific AD group? Additionally, there are few super users who need access to all those 20 streams. Please let me know process for the same. 

Maria_Halley
Support
Support

@Lokeshb31

 

I would not recommend just deleting them. Since this is default rules, you will have to make sure that you create other rules so other users doesn't lose rights. But you can disable them, that's an easy way to test if you get the right result.

 

But first make sure you understand what the different rules do , there is a better overview of the rules.

https://help.qlik.com/en-US/sense-admin/February2022/Subsystems/DeployAdministerQSE/Content/Sense_De...