Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Guidance on how to conclude if the issue is Security Rule Related

cancel
Showing results for 
Search instead for 
Did you mean: 
Yoichi_Hirotake
Support
Support

Guidance on how to conclude if the issue is Security Rule Related


Qlik Sense allows for flexible assignment of user access rights by utilizing Security Rule.

This article is meant to help in identifying if a Security Rule is causing an issue. For information on how Security Rules operate, please see the official Qlik Sense Help site for your respective version > Designing access control > Security rules evaluation

Each time a user requests access to a resource, Qlik Sense evaluates the request against the security rules in the Qlik Sense system. If at least one rule evaluates to True then Qlik Sense will provide the user with access according to the conditions and actions described in the security rule. If no rules evaluate to True then the user will be denied access. The fact that Qlik Sense security rules are property-based makes Qlik Sense very scalable as you can build rules based on properties that apply to groups of users.

As of such, it is possible that multiple custom security rules are in place that are overriding each other, or multiple "Roles" are assigned to a User in the "Users" tab and their rights are conflicting.

This article provide guidance on how to conclude if the issue is caused by Security Rules or by something else.

Also see related article Qlik Sense How to: Use the Audit function to see what access user has to apps in the hub, and what r...

Environment:

  • Qlik Sense Enterprise all versions

For Qlik Sense February 2019 (13.9.2), please first refer to Super Admin Security Rule not working

Resolution:


When a user reported an issue, create a super admin role, assign it to that user and see if the issue will be resolved.

1. Go to QMC > Security Rules
2. Click Create new button
3. Enter T-SuperAdmin in Name
4. Enter SuperAdmin for Troubleshooting Purpose in Description
5. Enter * in Resource filter
6. Tick "Create", "Read", "Update", "Delete", "Export", "Publish","Change owner", "Change role", "Export data", "Access offline", "Duplicate" in Action
7. Enter ((user.roles="T-SuperAdmin")) in Conditions
8. Select Both in hub and QMC in Context
9. Press Apply button
10. Go to QMC > Users
11. Select the user who has the issue and click Edit button
12. Click Add role button and select T-SuperAdmin
13. If any existing role or custom properties applied, please remove it 
14. Press Apply button
15. Ask the user who reported to do the test and see if the issue will be resolved for that user
Note: Please also ask the user to close all of the existing browsers before start the test.

If the issue resolved:

Security Rule related. Please review existing security rules
 

If the issue is not resolved:

 Not Security Related
Labels (2)
Version history
Last update:
‎2021-02-11 04:30 AM
Updated by:
Contributors