Qlik Sense comes with six default admin roles. If you want to create a custom admin role, you need some security rules. In this example, you will create a custom admin role for the management of streams, apps, app objects, and reload tasks.
The following security rules are needed:
-
A rule that provides access to the required resources.
-
A QMC section access rule, providing the admin with access to the required sections in the QMC.
By creating a generic admin role, rather than creating security rules for a certain user, you make the rules reusable. The custom admin role can be assigned to several users, without changing any of the security rules.
Resource rule
By creating a resource rule, you can provide one or more users with the same admin access rights.
Do the following:
-
Select Security rules and click
Create new. -
In the Name field, type CustomAdmin.
-
Set the resource filter to filter on streams, apps, app objects (such as sheets and stories), and tasks.
In the Basic section, fill in the Resource filter field as follows:
Stream_*, App_*, App.Object_*, ReloadTask_*
-
Set the actions that the rule should provide for the specified resources.
In the Basic section, select the Actions as follows:
Create, Read, Update, Delete, Export, Publish, Export data
-
Set the conditions to specify the user role.
In the Advanced section, fill in the Conditions field as follows:
user.roles = "CustomAdmin"
-
Click Apply.
-
Assign the role to the user who will be the custom administrator.
Go to QMC start page > Users.
-
Select the user and click Edit.
-
Click
under Admin roles and select CustomAdmin. -
Click Apply.
This table summarizes the security rule fields for the user role CustomAdmin.
| Field | Code | Comments |
|---|---|---|
| Resource filter | Stream_*, App_*, App.Object_*, ReloadTask_* |
Filters on resource types Stream, App, AppObjects, and ReloadTasks. Tip noteAlternatively, you could write App* instead of App_*, App.Object_*, because the wildcard (*), without the underscore (_), targets all resource types beginning with App.
|
| Actions | Create, Read, Update, Delete, Export, Publish, Export data |
These actions will be granted provided the conditions are met. |
| Conditions | user.roles = "CustomAdmin" |
The user role CustomAdmin will be available in Users > Roles. |
QMC section access
To manage the content, the admin must have section access to the relevant sections in the QMC.
Do the following:
-
Select Security rules and click
Create new. -
In the Name field, type QMC_Sections_CustomAdmin.
-
Set the resource filter to filter on the QMC sections that the CustomAdmin needs access to.
In the Basic section, fill in the Resource filter field as follows:
License_*,QmcSection_Stream,QmcSection_App,QmcSection_App.Object,QmcSection_Task
-
Set the actions that the rule should provide for the specified resources.
In the Basic section, select the Actions as follows:
Read
-
Set the conditions to specify the user role.
In the Advanced section, fill in the Conditions field as follows:
user.roles = "CustomAdmin"
-
Set the context for the rule.
In the Advanced section, in the Context field, select Only in QMC.
-
Click Apply.
This table summarizes the security rule for QMC_Sections_CustomAdmin.
| Field | Code | Comments |
|---|---|---|
| Resource filter | License_*,QmcSection_Stream,QmcSection_App,QmcSection_App.Object,QmcSection_Task |
The QMC section access rule only grants read access to a QMC section. |
| Actions | Read |
The action is granted provided that the conditions are met. |
| Conditions | user.roles = "CustomAdmin" |
Users with the admin role CustomAdmin are granted access to these sections. |
| Context | Only in QMC |
This rule only applies to the QMC. |