Security rules on Qlik Sense enterprise server

bela · ‎2022-09-18

Hello everyone,

I have just been given the management of Qlik Sense which is already operational.
I found security flaws (configured user who can access all...). 

My questions:
1- I would like to do the security audit but I do not master this aspect.
2- I would like to create personalized profiles but I don't know how.
3- remove access to the Dev Hub for standard users.

NB: I am a system administrator (windows, linux), I master QMC.

An idea, indication or documentation to follow.

Thank you again for your help.

Bela

rohitk1609 · ‎2022-09-19

HI Bela,

Here is my inputs:

#1 You can do audit between resource and users. Select a resource i.e. Apps, filter the concern app and then select the concern user. Check what actions are in green. If you find the any action support Delete is in green and this is what you don't want then there is an option of "Associated Rules", check which rules could made that action Green. This is how you can find which security rule cause what action enabled. Qlik works with OR condition. Qlik rules are there to give access not to take access unless you edit or alter any default rule.

#2 Please explain what exactly you want to create when you say personalised profiles?

#3 When you say Dev hub, is it MY work Area where any user has apps which are owned by him? If yes you have to alter the security rule for it.

Reach out to me if you need more help kumar.rohit1609@gmail.com

bela · ‎2022-09-19

Hi;

#1
I don't want to do it: application by application but in an automatic way, all applications with all resources and all users, with scripts for example.

#2
2.1. Designer profile to create their own sheets in a published or cloned application but without being able to access the data loading sections (neither script nor data manager).
2.2. Developer profile can do the same thing but can also access the script or data manager part for an application in his work environment.
2.3. A designer or developer profile can access to relaod task from the hub only for their applications in their work environment.

#3 Is it possible to have a documentation on security rules under qlik sense ?

Thanks again

BELA

rohitk1609 · ‎2022-09-20

#1 How would you do an audit of all apps , resources in one go? What exactly you are trying with Audit?

#2 If your has access of any published app, he can create his own sheet, and published it to community. You don't need to any special work for that

#3 You don't find any document for that but a person who knows QMC and especially Qlik security, he would guide you.

Reach out to me if you need more help kumar.rohit1609@gmail.com

bela · ‎2022-09-22

Hi rohitk1609;

# 1

This activity will center around auditing what assets (e.g. apps, streams, data connections) that users of the Qlik site have access to. This audit can be done on an ad-hoc basis using the QMC or in a more systemic way using script(s) + a Qlik app.

I found this information in the link below

https://adminplaybook.qlik-poc.com/docs/audit/audit_user_access.html#qs-security-audit--

# 2

custom profiles: create 2 different Qlik Sense Professional profiles, one of which can access data loading, the other not.

I found this information in the link below

https://www.next-decision.fr/wiki/trucs-astuces-security-rules-qlik-sense

# 3

I have been tasked with the administration of a Qlik sense server that is already operational with security rules in place, I must audit its rules and correct them in case I find problems.

The administrator of Qlik Sense left the company without handing over instructions and left nothing and no one knows Qlik Sense, so that's why I approached Qlik Sense community.

Now you know everything, I hope it could help me to move forward.

Thanks again

BELA

Client Managed

General Question