0 Replies Latest reply: Feb 21, 2017 8:00 PM by Christopher Obert RSS

    Rules for streams in QLIK sense Server

    Christopher Obert

      Hi all, I am hoping someone can confirm/correct something for me.

       

      First a little back story: We have a couple of QLIK installs. Test and Prod. I am rebuilding Test after I upgraded to QLIK 3.2. Since the upgrade deleted all the rules and streams I am re-creating them manually, using the Prod instance as a template/reference.  I noticed that in prod we have two rules for every stream. One named "Security Rule for Access to "<stream name>" " and a second named "<Stream Name> Rule ". For example, if I had a stream named "Awesome BI", I would have a rule named "Security Rule for Access to "Awesome BI" " and a second rule called "Awesome BI Rule".

      The first rule is what is created automatically when you create a stream.  After createing a stream, a new window appears with a blank rule named Security Rule for Access to "Awesome BI" with Read and Publish permissions checked but no names assigned.  At this point you have the option of designating name/groups to the rule as well as checking additional permissions or unchecking the Read/Publish permissions.

      The second rule was created after the Stream was created by accessing the QMC and going to the security rules section and explicitly creating rules.  

      In our instance, the first rule was created without any changes, i.e. no groups or names or anything was assigned to the rule and permissions were left at Read and Publish. The second rule was created and this is where groups were assigned Read, Update, Publish, and Change Owner permissions.   My predecessor did this because a "QLIK expert" told him to "never change or delete system rules" and that you "should create new rules" if you want to assign some permissions. Since we are new to QLIK, everyone is nervous about everything. I was/am of the opinion that these are not "system" rules since they are created at the time of creating streams and not created via .exe that installs QLIK on the server.

       

        Here are my questions...

      Since the first rule does not have anybody assigned to it, I was thinking

      1) that it is a useless/empty rule and can be deleted.

      2) or, if it should not or can't be deleted without causing problems, I set the permissions that are defined in the second rule in the rule named Security Rule for Access to "Awesome BI"

       

      Basically, my thought is having both of these rules is just clutter. It is my supposition that the first rule is useless and effects nothing. We should therefore either delete the rule or use it to apply the permissions set in the second rule and delete the second rule.  At the very least, as I re-build the QLIK instance after the upgrade I should apply the permissions there as I create streams.

       

      Can anyone confirm that QLIK requires a rule for each stream named "Security Rule for Access to..." and if it does, that it is also advisable to leave the rule at default settings as basically a blank rule. Or is this simply a mis-understanding that my predessor had with our QLIK expert. I.E. I have this only applies to changes for SYSTEM rules (i.e. the rule names "DataConnection" ) that it is advisable to simply disable the original rule and create a new rule.

       

      Thanks for your input.