It is possible that from time to time you will identify inconsistencies between the permissions you are expecting to give and the permissions that are actually set. Permissions in Qlik Sense are mostly managed by the security rules and depending on how customized your environment is, it can be difficult to identify/update your security rules.
In this article, I will provide easy steps to identify what is missing or which security rule(s) is not providing the expected outcome.
First, I would highly recommend starting by reading Concept - Security Rules in Qlik Sense which provides valuable information on how security rules work.
The troubleshooting approach you will take will mostly depend on the behaviour you are investigating:
- Too much access/excessive permissions
- Not enough access/permissions lacking
Troubleshooting excessive permissions
When troubleshooting this type of behavior it is important to remember that the security rules are permissive. Which means that in this case, you have one or more security rule providing these permissions.
The quickest way to identify which security rule(s) are affecting the permission is to first filter them based on the nature of your investigation.
For example, let say that you are investigation an issue where users can open more apps than they should in the hub. To investigate this behavior you need to:
- Open the QMC and go to Security Rules
- In the Resource column, filter any rules containing the term "App"
- Once you have reduced the scope of the potential security rules affecting the behavior, idea is to disable them one by one and check the behavior using the Audit pane. See How to Use the Audit function to verify app access for users and what rules are in place
- Finally, once you have identified the faulty rule(s) then it is only a matter of looking at the condition and correct it.
Troubleshooting lack of permissions
Once again, it is important to remember that security rules are only permissive. This means that if a user does not have access to something, it is most likely because something is missing in your security rules.
As every environment are customized to some extent the first step would be to create very permissive security rules to then narrow down to what is exactly needed.
You can follow the guidance provided in Guidance on how to conclude if the issue is Security Rule Related.
Once you have identified the missing Resource, you will then need to look at how it can be integrated into your existing set of rules.
The last general recommendation is to always have a test environment with a similar set of rules so you can test without affecting your users.
Here is the list of Resource filter that can be set in your Security rules.
Environment
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
Related Content
Concept - Security Rules in Qlik Sense
Collection of Specific Rule Scenarios and Customization of Qlik Sense Security rules
