Access rights and Dev Hub
You must have certain access rights to be able to create mashups, and visualization extensions in Dev Hub. The Qlik Management Console (QMC) is delivered with a set of predefined administration roles. Each role is associated with security rules for specific purposes.
The access control for the administrators can also be configured so that they get access rights in the QMC that correspond to their roles and responsibilities. The RootAdmin is created on installation. This role is automatically assigned to the user who provided the first valid license key to the QMC. The RootAdmin has full access rights to all Qlik Sense resources, including mashups, and extensions. The ContentAdmin role gives full access to all resources except nodes, engines, repositories, schedulers and syncs. But it does give access to mashups, and extensions.
If you do not have RootAdmin or ContentAdmin rights, you will not be able to create new mashups, or visualization extensions from Dev Hub by default. You can, however, view them in the editors but you cannot make any alteration to them.
The Qlik Sense system includes an security rules engine based on attributes that uses rules as expressions to evaluate what type of access a user or users should be granted for a resource. In the QMC, the Security rules overview lists all the available security rules.
There are security rules related to extensions predefined in the QMC. These make it possible for everyone to view extensions from the hub and from Dev Hub. If you are a system administrator it is possible to edit the existing rules, or create a new rule, allowing users that are not RootAdmin to create extensions.
When creating security rules for users, you must specify at least one action that the user is allowed to perform on the resource. The following actions are available for the extensions resource.
Users that do not have create rights cannot create new, or duplicate existing, mashups, or extensions in Dev Hub.
Users that do not have read rights do not have any mashups, or extensions available in Dev Hub.
Users that do not have update rights cannot perform any updates to the mashups, or extensions that are available in Dev Hub.
Users that do not have delete rights cannot delete any mashups, or extensions from Dev Hub.
Update rule: allow everyone to create extensions
In this example you edit an existing security rule allowing all users to create new extensions in Dev Hub.
- Open QMC.
Select Security rules on the QMC start page or from the Start drop-down menu
- Select Extension in the list of security rules and then click Edit.
- Select the action Create from the Basic section of the Security rule edit panel.
- Test that your edits are valid by clicking Validate rule.
Click Apply to update the security rule.
Successfully updated is displayed at the bottom of the page.
New rule: allow a specific user or users to create extensions
In this example you add a new security rule allowing a specific user to create new extensions in Dev Hub.
- Open QMC.
- Select Security rules on the QMC start page or from the Start drop-down menu
Click Create new in the action bar.
A split page is displayed, with the editing pane to the left (with all the properties) and the audit page to the right.
- Under Identification, in the Create rule from template drop-down list, select Extension access.
- Under Identification, give the rule a name, for example CreateExtension.
Select the applicable Actions to assign access rights to the user for the resource.
In this example we select action Create.
Select a user condition that specifies which users the rule will apply to.
In this example we select ((user.name="John Doe")).Warning noteEnvironment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.
In the Advanced view, select where the rule should be applied from the Context drop-down list.
The context specifies where the rule is applied and must be Only in QMC or Both in hub and QMC.
Click Preview to view the access rights that your rule will create and the users and resources that they apply to.
Click Apply to create and save the rule.
Successfully added is displayed at the bottom of the page.