In general, a rule can be read as a sentence:
"Allow the requester to [action] the [resource] provided that [conditions]."
This section describes the action, resource, conditions, and other properties that can be used to build a rule.
Reading the security rule syntax notation
The security rules syntax notation is as follows:
- words written outside brackets in regular text are mandatory (required).
- words or characters written in bold outside or inside brackets are mandatory.
- words written in italic inside brackets are optional.
- words in blue in the syntax descriptions are links to further information on the syntax.
Security rule properties
Click the name of the field to see a description and then click the link to read the corresponding syntax (if available).
A name to identify the security rule. (MANDATORY)
Select to disable the security rule. The effect of disabled rules can still be evaluated using the preview or the audit tool. (OPTIONAL)
A short description of the intention with the rule. (OPTIONAL)
A mandatory definition of the type or types of resources that the security rule will be evaluated for. (MANDATORY)
resourcetype1[*][_*][, resourcetype2[*][_*], ...]
You can specify whether the security rule should apply: Both in hub and QMC, Only in hub, or Only in QMC.
A mandatory definition of the actions that the user will be allowed to perform on the resources if the rule evaluates to True. (MANDATORY)
action [, action]
You can add tags to the security rule. (OPTIONAL)
Conditions for security rules
Define resource and/or user conditions that should be met for the rule to apply. (OPTIONAL).
Conditions are defined using property-value pairs. You are not required to specify resource or user conditions. In fact, you can leave the Conditions field empty.
[resource.resourcetype = "resourcetypevalue"] [OPERATOR] [(((resource.property = propertyvalue) [OPERATOR (resource.property = propertyvalue)))]
The QMC includes several predefined functions that can be used to return property values from targeted resources.
Logical operator precedence
When more than one logical operator is used in a condition, NOT is evaluated first, then AND, and finally OR. Using parentheses, even when they are not required, can improve the readability of conditions and reduce the risk of making mistakes because of operator precedence.
How is A OR B AND C interpreted by the Qlik Sense security rules?
It is interpreted as A OR (B AND C).