Skip to main content Skip to complementary content
Qlik Resources
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

put_task_acl

Puts an explicit ACL for a specific task in Qlik Enterprise Manager. The method will replace any existing explicit ACL with the ACL in the request. The request also includes a boolean flag for specifying whether or not the task should inherit ACLs from its ancestors (in addition to its explicitly defined ACLs).

The inherited ACLs (that is, the ACLs of the task's ancestors) are not affected by this method.

The PutTaskAcl can be used together with the GetTaskAcl method in order to update an existing task's ACL. First call GetTaskAcl, then edit the returned roles as required, and finally, call PutTaskAcl.

Behavior when putting a partial request:

When the request body includes only some of the roles (as opposed to all four of them), only the roles specifically defined in the request body will be set on the task; roles that are missing or empty will be inherited, but only if the following are true:

  • The disable_inheritance flag is set to "True".
  • The roles that are missing/empty in the request are defined for the ancestors.

Behavior on conflicts:

If the disable_inheritance flag is set to "False" and the explicit roles in the request conflict with existing inherited roles, then the explicit roles will take precedence. For example, if the request defines user A as a Viewer on MyTask and user A is also defined as an Admin on All Tasks, then user A will be defined as an Admin on All Tasks but as a Viewer on MyTask.

Information note

The user permissions in Enterprise Manager are completely independent of the user permissions in Replicate. Consequently, put_task_acl will affect the task's Enterprise Manager user permissions, but will not affect Replicate's user permissions.

Moreover, when performing an operation via Enterprise Manager, the user permissions defined for the task entity in Enterprise Manager apply, whereas when performing an operation directly via the Replicate Console, the user permissions defined in Replicate apply.

Information note

Defining the same user/group in different roles is not allowed. However, if the same user or group is defined in different roles but with a different case (for example, Mike vs. mike or Analysts vs. ANALYSTS), no error will be returned and the strongest role will take precedence.

Required User Role: See Required Enterprise Manager permissions.

Syntax

def put_task_acl(

self,

payload,

server

task

)

Parameters

Parameters
Parameter Type Description

payload

AemAuthorizationAcl

-

DisableInheritance

bool

If set to "true", the task does not inherit ACLs from its ancestors (in addition to its explicit ACLs). If set to "false", the task inherits ACLs from its ancestors, in addition to any explicit ACLs.

AdminRole

AemRoleDef

Users and/or groups assigned as Admin role.

DesignerRole

AemRoleDef

Users and/or groups assigned as Designer role.

OperatorRole

AemRoleDef

Users and/or groups assigned as Operator role.

ViewerRole

AemRoleDef

Users and/or groups assigned as Viewer role.

NoneRole

 AemRoleDef

Users and/or groups without a role.

Groups

List<AemGroupRef>

Groups assigned as the role.

Name

string

The group name.

Users

List<AemUserRef>

Users assigned as the role.

Name

string

The user name.

task

string

The name of the task.

Return values

N/A

Errors

All of the general errors as well as the errors listed in the table below.

Error responses
Error Message Description

DESERIALIZE_TO_TYPE

"Failed to deserialize json to type AemAuthorizationAcl: {message}"

Returned when the JSON format is invalid. For example, such an error will be returned if the JSON contains an unknown role.

AEM_PUT_TASK_ACL_INNER_ERR

Failed to put ACL of task "{task}".

Error: "{message}".

Returned if Qlik Enterprise Manager encounters an error/exception when trying to put the task's ACL.

AEM_NO_ DOMAIN_IN_USER

User "{userName}" must be preceded by a domain name, separated by a backslash.

Example:

domain_name\user_name.

Returned when the domain is missing from the user name.

AEM_NO_ DOMAIN_IN_GROUP

Group "{groupName}" must be preceded by a domain name, separated by a backslash.

Example:

domain_name\group_name.

Returned when the domain is missing from the group name.

AEM_NO_ADMIN_ON_TASK

Requested task "{taskName}" has no admin user.

At least one user or group must be assigned to the "admin" role.

Returned when there is no admin on the task.

Possible reasons:

  • The request JSON is set to disable_inheritance=true and the explicit admin role in the JSON is empty.
  • The JSON is set to disable_inheritance =true, the explicit admin role in the JSON is empty, and the parent levels do not have an admin user to inherit.

AEM_USER_ASSIGNED_TO_MULTIPLE_ROLES

User "{userName}" is assigned to multiple roles. Users can only be assigned to a single role.

Returned when a user is assigned to multiple roles.
AEM_GROUP_ASSIGNED_TO_MULTIPLE_ROLES

Group "{groupName}" is assigned to multiple roles. Groups can only be assigned to a single role.

Returned when a group is assigned to multiple roles.

AEM_USER_GROUP_MULTIPLE_ASSIGNED

"{userName/groupName}" is assigned to multiple roles or to the same role twice. Users/groups can only be assigned once, and to a single role.

Returned either when the specified user already exists as a group in the same/another role, or the specified group already exists as a user in the same/another role.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here