Skip to main content Skip to complementary content
Qlik Resources

Managing a Qlik Sense Enterprise on Windows site

The QMC is a web-based application for configuring and administrating your Qlik Sense Enterprise on Windows site. In the QMC, you can, among other things, do the following:

  • Manage licenses
  • Manage access types
  • Configure nodes
  • Manage data connections
  • Manage content security (by security rules)
  • Manage tasks and triggers
  • Synchronize users
Information noteIn a multi-node installation, you manage the whole Qlik Sense Enterprise on Windows site from the QMC on the central node. You can access the QMC from rim nodes, but requests from the QMC towards the repository are routed to the repository on the central node.

The QMC provides you with a set of very powerful tools to create different access patterns for different QMC administrators and for the different user groups that access the hub:

  • Security rules
  • Admin roles
  • Custom properties
Information noteFor some useful tips regarding how to work with the QMC, see QMC performance – best practices.

Important concepts in the QMC

Apps

You can create and publish apps to streams from the Qlik Sense hub, if you have the appropriate access rights. Apps can also be published from the QMC. To publish an app that is created in a Qlik Sense Desktop installation, you must first import it from the QMC. The security rules applied to the app, stream, or user, determine who can access the content and what the user is allowed to do. The app is locked when published. Content can be added to a published app through the Qlik Sense hub in a server deployment, but content that was published with the original app cannot be edited. Apps can only be deleted from the apps overview page of the QMC.

Associated items

The resources in the QMC have an associative structure. This makes it easy for you to navigate between the different resources in the QMC. Because of the associative structure of the QMC, you can select a resource in more than one way. For example, you can select an app either from the apps overview or from the Associated items for the stream that the app belongs to. Similarly, you can select a task either from the tasks overview or from the Associated items for the app that the task belongs to.

Audit

On the QMC audit page, you can query for resources and users, and audit the security rules, load balancing rules, or license rules that have been defined in the Qlik Sense system.

Custom properties and QMC tags

In the QMC, you can create customized properties that you can connect to resources. The main purpose of custom properties is to use them in the security rules. You can also create and connect QMC tags that can be used for filtering on the overview page of a resource. Tags cannot be used in the security rules.

Application example for custom properties:

  • Grouping streams by department

    Create a custom property called Departments with values appropriate to your organization. Apply the custom property to your streams and you can then apply security rules to streams according to their Departments property instead of managing security rules for individual streams.

Tip noteGroup memberships are uploaded to the central repository when you create and synchronize a user directory connector. This means that you can apply security rules to group memberships instead of defining and applying custom properties to users.

Data connections

You can manage security rules for all data connections from the QMC. Users can create data connections from Qlik Sense but the sharing of data connections (security rules) is managed from the QMC.

Multiple selections

You can select several resources from the overview. By doing this, you can edit or delete multiple resources at the same time. This makes your QMC administration work more efficient.

Publish to stream

You can create and publish apps to streams from the Qlik Sense hub, if you have the appropriate access rights. Apps can also be published from the QMC. To publish an app that is created in a Qlik Sense Desktop installation, you must first import it from the QMC. The security rules applied to the app, stream, or user, determine who can access the content and what the user is allowed to do. The app is locked when published. Content can be added to a published app through the Qlik Sense hub in a server deployment, but content that was published with the original app cannot be edited.

By default, Qlik Sense includes two streams: Everyone and Monitoring apps.

Information noteAll authenticated users have read and publish rights to the Everyone stream and all anonymous users read-only rights.
Information noteThree of the predefined admin roles (RootAdmin, ContentAdmin, and SecurityAdmin), have read and publish rights to the Monitoring apps stream.

Security rules

Content security is a critical aspect of setting up and managing your Qlik Sense Enterprise on Windows system. The QMC enables you to centrally create and manage security rules for all your Qlik Sense resources. Security rules define what a user is allowed to do with a resource, for example read, update, create, or delete.

By design, security rules are written to include, not exclude, users. Users who are not included in security rules are denied access. Therefore, security rules must be created to enable users to interact with Qlik Sense content, data connections, and other resources.

Information noteThe QMC includes pre-defined administrator roles, including the RootAdmin user who has full access rights to the Qlik Sense Enterprise on Windows system, which allows the RootAdmin user to set up security rules.

Access types

There are two license models: the serial and control number and the signed license key. These models define the terms of your license and the access types that you can allocate to users. With a signed license key, you need internet access (direct or through a proxy) to access the cloud-based license backend, for user assignments, analytic time consumption, and product activations.

There are two major license types: one based on access types, and one based on tokens.

  • Access types licenses are the Professional and Analyzer Users licenses (user-based) and Analyzer Capacity licenses (capacity-based). With a Professional and Analyzer Users license you can allocate professional access and analyzer access. With an Analyzer Capacity license you can allocate analyzer capacity access, where consumption is time based (analyzer time).
  • With a Qlik Sense Token license you use tokens to allocate access passes to users. You can allocate user access and login access.

An access type allows users to access the hub and apps within a Qlik Sense Enterprise on Windows site.

Information noteIf you want to set up Qlik Sense Enterprise SaaS, please contact your Qlik representative or Qlik Support to obtain a valid license for the setup.

Each access type provides the Qlik Sense user with a certain type of access to Qlik Sense apps. A user with no access type cannot see any streams.

Information noteApplication access only grants access to app objects in mashups, and not to the Qlik Sense hub or streams.

Users

All user data is stored in the Qlik Sense Repository Service (QRS) database. You create user directory connectors in the QMC to be able to synchronize and retrieve the user data from a configured directory service. When a user logs in to Qlik Sense or the QMC, the user data is automatically retrieved. You can change the authentication method that handles the authentication of the Qlik Sense users.

Resource owners

The creator of a resource (for example, an app or a stream) is by default the owner of the resource. You can change the ownership for resources in the QMC.

Resource workflow

The following illustration gives an overview of the workflow of the resources.

Qlik Sense hub contains the App, Sheets, and Stories streams. The Sheets and Stories streams connect to the App stream. QMC contains four items. The first item in QMC contains App, Sheets, and Stories. Both sheets and stories connect to App, and App publishes to the App stream in Qlik Sense hub. The second item in QMC contains Tasks and Triggers. Triggers connects to Tasks, and tasks connects to both App in the first item, and User directory connectors in the third item inside of QMC. The third item contains User directory connectors and Users. User directory connectors connects to Users. Security rules exist in QMC, which connect to Users in the third item of QMC, The Stories stream in Qlik Sense hub, and Login access in the License and tokens item in QMC. License and tokens exists inside of QMC, and it contains Login access, Tokens, License, and User access. Login acess and User access connects to Qlik Sense hub, while License connects to tokens, and Tokens connects both to Login acess and User access.

Resource overview and workflow for a token-based license

The apps, sheets, and stories are created from the Qlik Sense hub. Apps are published to streams from the Qlik Sense hub or from the QMC.

Tasks are available for apps and user directory connectors. The reload task is used to fully reload the data in an app from the source. The user sync task is applied to a user directory connector to synchronize the users from a user directory. Triggers can execute tasks.

A stream security rule is applied to the stream and affects the access rights for the users.

Token-based license: The site license provides for a number of tokens that are allocated to access types. Users are given access to streams and apps on the hub by login access or user access. A security rule is applied to the login access to specify which users the login access is available for.

User-based license: The site license provides for a number of professional and analyzer access allocations. Users are given access to streams and apps on the hub by their access.

Information noteThe hub is not a part of the QMC. The hub is where Qlik Sense apps and sheets are opened and managed.

Learn more

 

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here