Creating security rules
Do the following:
-
Select Security rules on the QMC start page or from the StartS drop-down menu.
-
Click PCreate new in the action bar.
A split page is displayed, with the editing pane to the left (with all the properties) and the audit page to the right.
-
Under Identification, in the Create rule from template drop-down list, select the resource type to create a rule for.
Tip noteIn the Advanced section, next to the Resource filter text box, you can click the arrow to open a popover where you can select multiple resources for the filter.Property Security rule will be applied to Unspecified Access rules App access Apps App object access Objects
The Objects' objectTypes, for example: sheet, story, bookmark, measure, or dimension.Content library access Content libraries Data connection access Data connections Extension access Extensions Reload task access Reload tasks Node access The configuration of Qlik Sense nodes Stream access Streams User access Users Security rule access Security rules User directory connector access User directories User synchronization task access User synchronization tasks For example, if you create an App access rule and set the resource condition Name to MyApp, it means that the rule applies to the app named MyApp. However, setting Name to MyApp* will apply the rule to all apps with names beginning with MyApp.
Information noteChanging the Create rule from template selection automatically clears all Actions, and changes the Conditions text box in the Advanced section accordingly. -
Under Identification, give the rule a name and a description.
-
Click Disabled if you do not want to enable the rule at this time.
-
In the Basic section, click P to add more conditions (optional).
When using multiple conditions, you can group two conditions by clicking Group. After the conditions have been grouped, you have the option Ungroup. Additional subgrouping options are Split and Join. The default operator between conditions is OR. You can change this in the operator drop-down list. Multiple conditions are grouped so that AND is superior to OR.Information noteWhen using a wildcard (*), you must use the "like" operator, instead of "=".
Property name Description @<customproperty> The custom property associated with the resource. resource.@<customproperty> The custom property associated with the resource. app.name The name of the associated app. app.owner.@<customproperty> The custom property associated to the stream of an app. See corresponding owner property for description.
app.owner.email Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.browser Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.context Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.device Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.ip Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.os Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.secureRequest Owner property associated with the app. See corresponding owner property for description. app.owner.group Owner property associated with the app. See corresponding owner property for description.
app.owner.name The user name of the owner of the resource. app.owner.userDirectory The user directory of the owner of the resource app.owner.userId The user id of the owner of the resource app.stream.@<customproperty> Owner property associated with the app. See corresponding owner property for description.
app.stream.name The name of the associated stream. category The system rule category: License, Security, or Sync. description The description of the owner retrieved from the user directory. email The email addresses that are available from the connected user directories. environment.browser Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE, or Unknown.
Example 1:
Define browser and version:
Firefox 22.0
Chrome 33.0.1750.154
Information note If the browser information contains a slash (/), replace it with a space.Example 2:
Use the wildcard (*) to include all versions of the browser:
environment.browser like Chrome*
environment.context Security rule will be applied only to the Qlik Sense environment that the call originates from.
Available preset values: ManagementAccess or AppAccess.
environment.device Security rule will be applied to the type of device.
Available preset values: iPhone, iPad, or Default.
environment.ip Security rule will be applied to an IP number. environment.os Security rule will be applied to the type of operating system.
Available preset values: Windows, Linux, Mac OS X or Unknown.
environment.secureRequest Security rule will be applied to the type of request.
Available preset values: SSL True or False.
group The group memberships of the owner retrieved from the user directory. roles A role that is associated with the user. name The name of the resource or user. objectType The type of app object.
Available preset values: story, masterobject, properties, sheet, dimension.
owner.@<customproperty> The custom property associated with the owner of the resource. owner.description The description of the owner retrieved from the user directory. owner.email The email of the owner retrieved from the user directory. owner.environment.browser The browser environment of the owner of the resource. owner.environment.context Security rule will be applied only to the Qlik Sense environment that the call originates from.
Available preset values: ManagementAccess or AppAccess.
owner.environment.device The device environment of the owner of the resource. owner.environment.ip The IP environment of the owner of the resource. owner.environment.os The OS environment of the owner of the resource. owner.environment.secureRequest Indicates if the sent request is encrypted or not, that is using SSL or not (True or False). owner.group The group memberships of the owner retrieved from the user directory. owner.name The user name of the owner of the resource. owner.userDirectory The user directory of the owner of the resource owner.userId The user id of the owner of the resource. published The status of the app object. resourceFilter The existing resource definitions (from the Resource column in the security rules overview). ruleContext Specifies where the rule is applied: Both in hub and QMC, Only in hub, or Only in QMC. stream.@<customproperty> The custom property associated with the stream. stream.name The name of the associated stream. type The type of security rule or data connection. userid A user’s ID. userdirectory The name of a user directory. userDirectory.name The name of the user directory connection that the user sync task applies to. userDirectory.userDirectoryName The name of the user directory that the user directory connector is connected to. userDirectoryName The name of the user directory connection in the QMC. Information noteFor some resources (for example, environment.browser), you need to select Extended security environment in the proxy settings. -
Select the applicable Actions to assign access rights to the user for the resource.
Property name Description Create Create resource Read Read resource Update Update resource Delete Delete resource Export Be able to export a resource to a new format, for example Excel Publish Be able to publish a resource to a stream Change owner Be able to change the owner of a resource Change role Be able to change user role Export data Be able to export data from an object -
Select a user condition that specifies which users the rule will apply to.
Warning noteEnvironment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.Tip noteAny user properties contained in connected user directories will be shown in the drop-down list. This could, for example, be an email address or a department name.Property Description @<customproperty> A custom property associated with the user. name A user's full name.
userdirectory The name of a user directory. userid A user's ID. description The description of the owner retrieved from the user directory. email The email addresses that are available from the connected user directories. group The group memberships of the owner retrieved from the user directory. environment.browser Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE, or Unknown.
Example 3:
Define browser and version:
Firefox 22.0
Chrome 33.0.1750.154
Information note If the browser information contains a slash (/), replace it with a space.Example 4:
Use the wildcard (*) to include all versions of the browser:
environment.browser = Chrome*
environment.context Security rule will be applied only to the Qlik Sense environment that the call originates from.
Available preset values: ManagementAccess or AppAccess.
environment.device Security rule will be applied to the type of device.
Available preset values: iPhone, iPad, or Default.
environment.ip Security rule will be applied to an IP number. environment.os Security rule will be applied to the type of operating system.
Available preset values: Windows, Linux, Mac OS X or Unknown.
environment.secureRequest Security rule will be applied to the type of request.
Available preset values: SSL True or False.
-
In the Advanced view, you can type
select where the rule should be applied from the Context drop-down list.
Property Description Context Specifies where the rule is applied: Both in hub and QMC, Only in hub, or Only in QMC. -
Click Preview to view the access rights that your rule will create and the users and resources that they apply to.
-
Click Apply to create and save the rule.
Successfully added is displayed at the bottom of the page.
Learn more
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!