Skip to main content

Access rights and Dev Hub

ON THIS PAGE

Access rights and Dev Hub

You must have certain access rights to be able to create mashups, and visualization extensions in Dev Hub. The Qlik Management Console (QMC) is delivered with a set of predefined administration roles. Each role is associated with security rules for specific purposes.

The access control for the administrators can also be configured so that they get access rights in the QMC that correspond to their roles and responsibilities. The RootAdmin is created on installation. This role is automatically assigned to the user who provided the first valid license key to the QMC. The RootAdmin has full access rights to all Qlik Sense resources, including mashups, and extensions. The ContentAdmin role gives full access to all resources except nodes, engines, repositories, schedulers and syncs. But it does give access to mashups, and extensions.

If you do not have RootAdmin or ContentAdmin rights, you will not be able to create new mashups, or visualization extensions from Dev Hub by default. You can, however, view them in the editors but you cannot make any alteration to them.

Note: You do not need RootAdmin or ContentAdmin rights to work with the Engine API Explorer or the QlikView converter.

Security rules

The Qlik Sense system includes an security rules engine based on attributes that uses rules as expressions to evaluate what type of access a user or users should be granted for a resource. In the QMC, the Security rules overview lists all the available security rules.

There are security rules related to extensions predefined in the QMC. These make it possible for everyone to view extensions from the hub and from Dev Hub. If you are a system administrator it is possible to edit the existing rules, or create a new rule, allowing users that are not RootAdmin to create extensions.

Actions

When creating security rules for users, you must specify at least one action that the user is allowed to perform on the resource. The following actions are available for the extensions resource.

Extensions resource actions
Property name Description
Create

Create resource.

Users that do not have create rights cannot create new, or duplicate existing, mashups, or extensions in Dev Hub.

Read

Read resource.

Users that do not have read rights do not have any mashups, or extensions available in Dev Hub.

Update

Update resource.

Users that do not have update rights cannot perform any updates to the mashups, or extensions that are available in Dev Hub.

Delete

Delete resource.

Users that do not have delete rights cannot delete any mashups, or extensions from Dev Hub.

Examples

Update rule: allow everyone to create extensions

In this example you edit an existing security rule allowing all users to create new extensions in Dev Hub.

  1. Open QMC.
  2. Select Security rules on the QMC start page or from the StartArrow down drop-down menu

  3. Select Extension in the list of security rules and then click Edit.
  4. Select the action Create from the Basic section of the Security rule edit panel.
  5. Test that your edits are valid by clicking Validate rule.
  6. Click Apply to update the security rule.

    Successfully updated is displayed at the bottom of the page.

New rule: allow a specific user or users to create extensions

In this example you add a new security rule allowing a specific user to create new extensions in Dev Hub.

  1. Open QMC.
  2. Select Security rules on the QMC start page or from the StartArrow down drop-down menu
  3. Click Create new Create new in the action bar.

    A split page is displayed, with the editing pane to the left (with all the properties) and the audit page to the right.

  4. Under Identification, in the Create rule from template drop-down list, select Extension access.
  5. Under Identification, give the rule a name, for example CreateExtension.
  6. Select the applicable Actions to assign access rights to the user for the resource.

    In this example we select action Create.

  7. Select a user condition that specifies which users the rule will apply to.

    In this example we select ((user.name="John Doe")).

    Warning: Environment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.
  8. In the Advanced view, select where the rule should be applied from the Context drop-down list.

    The context specifies where the rule is applied and must be Only in QMC or Both in hub and QMC.

  9. Click Preview to view the access rights that your rule will create and the users and resources that they apply to.

  10. Click Apply to create and save the rule.

    Successfully added is displayed at the bottom of the page.