Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW

QRS API: Reset security rule cache using PowerShell

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
ToniKautto
Employee
Employee

QRS API: Reset security rule cache using PowerShell

Last Update:

Dec 21, 2020 1:20:46 AM

Updated By:

ToniKautto

Created date:

Dec 21, 2020 1:20:46 AM

Qlik Sense Repository Service (QRS) security rules cache can be purged by calling the below QRS API end-point.  

POST /systemrule/security/resetcache

The security rules cache is local to a Qlik Sense node. To reset the QRS security rule cache on all nodes, the API must be called to each node. 

The API call must be run as the user Internal\sa_repository. Qlik Sense client certificates must be used for authentication when calling QRS API as Internal\sa_repository 
Call QRS API locally on Qlik Sense node or Export client certificate and root certificate to make API calls to a client machine. 

Example on how to reset QRS security cache with PowerShell; 

$qlikserver = 'qlikserver1.domain.local'

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$xrfkey = "iX83QmNlvu87yyAB"

$url = "https://$($qlikserver):4242/qrs/systemrule/security/resetcache?xrfkey=$($xrfkey)"
$headers = @{}
$headers.Add("X-Qlik-xrfkey","$xrfkey")
$headers.Add("X-Qlik-User","UserDirectory=INTERNAL;UserId=sa_repository")
$body = ''

Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $headers -Certificate $cert

Confirm in Audit_Repository logs that cache has been clear on a specific Qlik Sense node. Looks for a message referring to "Invalidating security filter result", like one of the below examples;

274	20201105T133845.005+0100	INFO	qlikserver1	Audit.Repository.Repository.Core.Security.SecurityFilterResultCache	
50	a40f96b1-8527-443e-b20e-f1cd72db17a6	DOMAIN\administrator	Invalidating entire security filter result cache due to reset API called

 

36 20201119T151514.709+1100 INFO SU-APAC02 Audit.Repository.Repository.Core.Resource.InternalManagementResource 
51 a47e0207-291b-4bd0-9e1c-5bd598d06d20 DOMAIN\administrator Invalidating SecurityFilterResult cache 0 1977183c69c9974ee6825a7a9a16aa7dfa539f56

 

Refernces

Environment

  • Qlik Sense Enterprise on Windows June 2017 and later

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Version history
Last update:
‎2020-12-21 01:20 AM
Updated by: