Access rights and Dev Hub

You must have certain access rights to be able to create mashups, visualization extensions, and widgets in Dev Hub. The Qlik Management Console (QMC) is delivered with a set of predefined administration roles. Each role is associated with security rules for specific purposes.

The access control for the administrators can also be configured so that they get access rights in the QMC that correspond to their roles and responsibilities. The RootAdmin is created on installation. This role is automatically assigned to the user who provided the first valid license key to the QMC. The RootAdmin has full access rights to all Qlik Sense resources, including mashups, extensions, and widgets. The ContentAdmin role gives full access to all resources except nodes, engines, repositories, schedulers and syncs. But it does give access to mashups, extensions and widgets.

If you do not have RootAdmin or ContentAdmin rights, you will not be able to create new mashups, visualization extensions, or widgets from Dev Hub by default. You can, however, view them in the editors but you cannot make any alteration to them.

Note: You do not need RootAdmin or ContentAdmin rights to work with the Engine API Explorer or the QlikView converter.

Security rules

The Qlik Sense system includes an security rules engine based on attributes that uses rules as expressions to evaluate what type of access a user or users should be granted for a resource. In the QMC, the Security rules overview lists all the available security rules.

There are security rules related to extensions and widgets predefined in the QMC. These make it possible for everyone to view extensions and widgets from the hub and from Dev Hub. If you are a system administrator it is possible to edit the existing rules, or create a new rule, allowing users that are not RootAdmin to create extensions or widgets.

Note: Widget libraries and widgets are treated as extensions in the QMC.

Actions

When creating security rules for users, you must specify at least one action that the user is allowed to perform on the resource. The following actions are available for the extensions resource.

Property name Description
Create

Create resource.

Users that do not have create rights cannot create new, or duplicate existing, mashups, extensions, widgets, or widget libraries in Dev Hub.

Read

Read resource.

Users that do not have read rights do not have any mashups, extensions, or widget libraries available in Dev Hub.

Update

Update resource.

Users that do not have update rights cannot perform any updates to the mashups, extensions, or widgets that are available in Dev Hub.

Delete

Delete resource.

Users that do not have delete rights cannot delete any mashups, extensions, widgets, or widget libraries from Dev Hub.

Examples

Update rule: allow everyone to create extensions, widget libraries and widgets

In this example you edit an existing security rule allowing all users to create new extensions, widget libraries and widgets in Dev Hub.

  1. Open QMC.
  2. Select Security rules on the QMC start page or from the StartS drop-down menu

  3. Select Extension in the list of security rules and then click Edit.
  4. Select the action Create from the Basic section of the Security rule edit panel.
  5. Test that your edits are valid by clicking Validate rule.
  6. Click Apply to update the security rule.

    Successfully updated is displayed at the bottom of the page.

New rule: allow a specific user or users to create extensions, widget libraries and widgets

In this example you add a new security rule allowing a specific user to create new extensions, widget libraries and widgets in Dev Hub.

  1. Open QMC.
  2. Select Security rules on the QMC start page or from the StartS drop-down menu
  3. Click P Create new in the action bar.

    A split page is displayed, with the editing pane to the left (with all the properties) and the audit page to the right.

  4. Under Identification, in the Create rule from template drop-down list, select Extension access.
  5. Under Identification, give the rule a name, for example CreateExtension.
  6. Select the applicable Actions to assign access rights to the user for the resource.

    In this example we select action Create.

  7. Select a user condition that specifies which users the rule will apply to.

    In this example we select ((user.name="John Doe")).

    Warning: Environment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.
  8. In the Advanced view, select where the rule should be applied from the Context drop-down list.

    The context specifies where the rule is applied and must be Only in QMC or Both in hub and QMC.

  9. Click Preview to view the access rights that your rule will create and the users and resources that they apply to.

  10. Click Apply to create and save the rule.

    Successfully added is displayed at the bottom of the page.

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?