There's the online help here: Designing access control ‒ Qlik Sense
And there are some blog posts:
And there are some videos:
You have to learn from your own because Rules are different from organisation to organisation but basic principle is same.
There are three Admins and they maintain differently.
When you write rules you have to follow this as well as tokens, Streams, users, values, groups, Hub etc.
Even you can create your own rules which is different to any other rules.
Read this thread also