Do the following:
Open the QMC: https://<QPS server name>/qmc
Select Security rules on the QMC start page or from the Start drop-down menu.
Click Create new in the action bar.
A split page is displayed, with the editing pane to the left (with all the properties) and the audit page to the right.
Under Identification, in the Create rule from template drop-down list, select the resource type to create a rule for.
Tip note: In the Basic section, next to the Resource filter text box, you can click the arrow to open a popover where you can select multiple resources for the filter.
Resource properties
Property: Security rule will be applied to
Unspecified: All resource types
App access: Apps
App object access: Objects. The Objects' objectTypes, for example: sheet, story, bookmark, measure, or dimension.
Content library access: Content libraries
Data connection access: Data connections
Extension access: Extensions
Reload task access: Reload tasks
Node access: The configuration of Qlik Sense nodes
Stream access: Streams
User access: Users
Security rule access: Security rules
User directory connector access: User directories
User synchronization task access: User synchronization tasks
Analytic connection access: Analytic connections
For example, if you create an App access rule and set the resource condition Name to MyApp, the rule applies to the app named MyApp. However, setting Name to MyApp* will apply the rule to all apps with names beginning with MyApp.
Information note: Changing the Create rule from template selection automatically clears all Actions, and changes the Conditions text box in the Advanced section accordingly.
Under Identification, give the rule a name and a description.
Select Disabled if you do not want to enable the rule at this time.
If needed, add more resources to the resource filter. Click the arrow next to the Resource filter text box to open a pop-up with the available resources.
In the Basic section, click to add more conditions (optional).
When using multiple conditions, you can group two conditions by clicking Group. After the conditions have been grouped, you have the option Ungroup. Additional subgrouping options are Split and Join. The default operator between conditions is OR. You can change this in the operator drop-down list. Multiple conditions are grouped so that AND is superior to OR.
Information note: When using a wildcard (*), you must use the "like" operator, instead of "=".
For a presentation of the resource conditions, see: Available resource conditions.
Define the resource filters, see: Defining resource filters.
Select the applicable Actions to assign access rights to the user for the resource.
Access rule descriptions
Action: Description
Create: Create resource.
Read: Read resource.
Update: Update resource.
Delete: Delete resource.
Export: Export an app from Qlik Sense Enterprise into a qvf file.
Duplicate: Duplicate an app.
Publish: Publish a resource to a stream.
Approve: Approve an object belonging to an app.
Change owner: Change the owner of a resource.
Change role: Change user role.
Export data: Export data from an object. This includes the following actions:
- "Export as image" for visualizations.
- "Export as PDF" for visualizations.
- "Export data" for visualizations.
- "Export sheet" in the menu.
- "Export story" in storytelling.
Information note: You cannot grant access to only a subset of these actions.
Information note: You can enable export of data for anonymous users by creating a copy of the security rule ExportAppData and modifying the copy to only have resource.HasPrivilege("read") in Conditions. See Security rules included in Qlik Sense.
Access offline: Access apps offline.
Select a user condition that specifies which users the rule will apply to.
Warning note: Environment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.
Tip note: Any user properties contained in connected user directories will be shown in the drop-down list. This could, for example, be an email address or a department name.
Condition properties
Property: Description
@<customproperty>: A custom property associated with the user.
name: A user's full name.
userdirectory: The name of a user directory.
userid: A user's ID.
description: The description of the owner retrieved from the user directory.
The email addresses that are available from the connected user directories.
group: The group memberships of the owner retrieved from the user directory.
environment.browser: Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE, or Unknown.
Define browser and version:
Chrome 33.0.1750.154
Information note: If the browser information contains a slash (/), replace it with a space.
Use the wildcard (*) to include all versions of the browser:
environment.browser = Chrome*
Security rule will be applied only to the Qlik Sense environment that the call originates from.
Available preset values: ManagementAccess or AppAccess.
Security rule will be applied to the type of device.
Available preset values: iPhone, iPad, or Default.
Security rule will be applied to an IP number.
Security rule will be applied to the type of operating system.
Available preset values: Windows, Linux, macOS X or Unknown.
Security rule will be applied to the type of request.
Available preset values: SSL True or False.
In the Advanced view, you can select where the rule should be applied from the Context drop-down list.
Context: Specifies where the rule is applied: Both in hub and QMC, Only in hub, or Only in QMC.
Click Preview to view the access rights that your rule will create and the users and resources that they apply to.
Click Apply to create and save the rule.
Successfully added is displayed at the bottom of the page.
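
The condition step above states that the default operator is OR and that AND is superior to OR, so an ungrouped condition can match more users than intended. The following added example is not Qlik code: it models only that precedence in Python and lists which constructed users match an ungrouped and a grouped condition. The user. prefix on property names, the group and directory values, and the user names are assumptions.

```python
import re

# Model syntax: parentheses, and/or, "=", property names, quoted literals.
TOK = r'\(|\)|=|"[^"]*"|[A-Za-z_.@]+'

def evaluate(condition, user):
    """Evaluate a condition for one user; AND binds tighter than OR."""
    if not re.fullmatch(rf'(?:\s*(?:{TOK}))*\s*', condition):
        raise ValueError("unsupported characters in condition")
    tokens = re.findall(TOK, condition)
    peek = lambda: tokens[0].lower() if tokens else None
    def chain(word, operand, combine):
        value = operand()
        while peek() == word:
            tokens.pop(0)
            value = combine(value, operand())  # operand() always consumes tokens
        return value
    parse_and = lambda: chain("and", parse_atom, lambda a, b: a and b)
    parse_or = lambda: chain("or", parse_and, lambda a, b: a or b)
    def parse_atom():
        if peek() == "(":
            tokens.pop(0)
            value = parse_or()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing closing parenthesis")
            return value
        if len(tokens) < 3 or tokens[1] != "=":
            raise ValueError('expected: property = "value"')
        prop, literal = tokens[0], tokens[2]
        del tokens[:3]
        return literal.strip('"') in user.get(prop, [])  # any value may match
    result = parse_or()
    if tokens:
        raise ValueError(f"trailing input: {tokens}")
    return result

# Constructed users; names, groups and directory names are made up.
USERS = {
    "alice": {"user.group": ["Finance"], "user.userdirectory": ["INTERNAL"]},
    "bob": {"user.group": ["Finance"], "user.userdirectory": ["EXTERNAL"]},
    "carol": {"user.group": ["Audit"], "user.userdirectory": ["INTERNAL"]},
    "dave": {"user.group": ["Audit"], "user.userdirectory": ["EXTERNAL"]},
}
UNGROUPED = 'user.group="Finance" or user.group="Audit" and user.userdirectory="INTERNAL"'
GROUPED = '(user.group="Finance" or user.group="Audit") and user.userdirectory="INTERNAL"'

def matching(condition):
    return [name for name, user in USERS.items() if evaluate(condition, user)]
```

Calling matching(UNGROUPED) includes bob, a Finance user from the EXTERNAL directory, while matching(GROUPED) does not; the Preview step in the QMC is where the same difference would show up for a real rule.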