Solved: Re: Qliksense Security Requirement - Qlik Community

Lokeshb31 · ‎2022-05-03

Hello Folks,

We have a requirement to setup Qliksense security. We have around 20 On-premise AD groups and respective 20 streams in new environment. We want to setup security in such a way that group A will have only read access to stream A, group B will have read access to stream B and so on.

I know we can create custom property with values A,B,C and create a security rule to grant read access but I am not sure how to integrate those 20 AD groups and assign respective custom property values on group level.

Please help to achieve this requirement.

Maria_Halley · ‎2022-05-04

@Lokeshb31

You can create the rule directly using the AD groups.
In the example below I created the group Qlik in my AD. This rule gives all members of that AD group access to the stream.

View solution in original post

rohitk1609 · ‎2022-05-04

AD comes to Qlik as User Directory. You should write the security rule on User Directory.

Maria_Halley · ‎2022-05-04

@Lokeshb31

You can create the rule directly using the AD groups.
In the example below I created the group Qlik in my AD. This rule gives all members of that AD group access to the stream.

Lokeshb31 · ‎2022-05-04

So we dont have to create custom property here, but in that case we need to create 20 security rules, each for one stream. How did you select specific stream in resource filter while creating security rule?

Maria_Halley · ‎2022-05-04

@Lokeshb31

When you create the stream it will "offer" you create a rule. If you don't do it there , it is probably easiest to the stream itself. On the right side under associated items you can pick security rules and it will let you create a new rule.

If you are creating a simple access rule where all users in group A,B,C, .. should have access to a stream, then you only have to create one rule where all groups are listed with OR statements in-between

If you use custom properties you have to manually add them to each user (can be done with multi select)

Lokeshb31 · ‎2022-05-04

Thanks Maria. There are other rules associated/inherited with that stream which are geting mixed and allowing publish access as well. Can I delete those other rules? I validated the method you mentioned above using preview and its working.

Lokeshb31 · ‎2022-05-05

Hi Maria,

Can you please confirm if I can delete those security rules to allow only read access to that stream for specific AD group? Additionally, there are few super users who need access to all those 20 streams. Please let me know process for the same.

Maria_Halley · ‎2022-05-09

@Lokeshb31

I would not recommend just deleting them. Since this is default rules, you will have to make sure that you create other rules so other users doesn't lose rights. But you can disable them, that's an easy way to test if you get the right result.

But first make sure you understand what the different rules do , there is a better overview of the rules.

https://help.qlik.com/en-US/sense-admin/February2022/Subsystems/DeployAdministerQSE/Content/Sense_De...

Qliksense Security Requirement

Administration

Security