3 Replies Latest reply: Nov 1, 2016 2:21 PM by Jordan Weinstein RSS

    Which wins, user access or login access rule?

    Jordan Weinstein

      In Qlik Sense 3.1 I have rules created such that if a user is a member of one Active Directory security group, they are granted a login access token, if they are a member of another group, they are granted a user access token. What happens if they're a member of both groups?

        • Re: Which wins, user access or login access rule?
          Jordan Weinstein

          Support responded User access token will try first, if none available, Login access token will be granted.

          • Re: Which wins, user access or login access rule?
            Vladimir Komarov

            Jordan,

             

            Do you have any document/references how to create these rules (allocating tokens, etc) for different group of users?

            I need to create similar rules and I did not find a straightforward information about it.

             

            It's not very clear for me if I can wildcards options for user names, create user Roles or Custom User's Properties automatically, apply allocations based on these Roles, use a mix of AD and UDC accounts, etc.

             

            Please let me know.

             

            Regards,

            Vlad

              • Re: Which wins, user access or login access rule?
                Jordan Weinstein

                I can comment on the first part of your question which is yes, it's probably easier than you think to allocate tokens for different groups. Assuming you want to use Active Directory security groups as I am, first thing you want to ensure is working is your User Directory Connector sync. If it is, then the QMC will be 'aware' of your existing security groups. Then

                1. go to your QMC
                2. Click License and tokens
                3. Click User access rules on the right side
                4. Click Create new on the bottom
                5. Give it a Name, Description, then in the Basic section, in order select User, Group=value and paste in the name of your AD Security Group in the last field

                 

                If there are enough available tokens, this rule will ensure users in that group are granted a User access token.

                You can follow similar steps for creating a Login access rules. The only real difference is you need to designate a number of tokens from which users can draw down.

                 

                Hope that helps.