Creating security rules

You can create security rules.

If you define a rule without specifying at least one Resource or User condition, your rule will apply to all resources and/or users as indicated by (ALL) next to the condition heading.

Do the following:

Select Security rules on the QMC start page or from the StartS drop-down menu to display the overview.
Click PCreate new in the action bar.

This opens the Security rule edit page.

In the Identification view, select the type of resource you want to create a rule for from the Create from template drop-down list.

Changing the Create from template selection automatically clears all Actions, and changes the Advanced > Conditions text box accordingly.

Property	Security rule will be applied to
Unspecified resource rule	Access rules
App access rule	Apps
App object access rule	Objects The Objects' objectTypes, for example: sheet, story, bookmark, measure or dimension.
Content library access rule	Content libraries
Data connection access rule	Data connections
Extension access rule	Extensions
Reload task access rule	Reload tasks
Node access rule	The configuration of Qlik Sense nodes
Stream access rule	Streams
User access rule	Users
Security rule access rule	Security rules
User directory connector access rule	User directories
User sync task access rule	User synchronization tasks

For example, if you create an App access rule and set the resource condition Name to MyApp, it means that the rule applies to the app named MyApp. However, setting Name to MyApp* will apply the rule to all apps with names beginning with MyApp.

In the Basic section, click P to add more conditions (optional).

When using multiple conditions you can group two conditions by clicking Group. After condtions have been grouped you can ungroup them by clicking Ungroup. The default operand between conditions is OR. You can change this in the operand drop-down. Multiple conditions are grouped so that OR is superior to AND.

Property name	Available in	Description
@<customproperty>	App, App.Object, DataConnection, ReloadTask, ServerNodeConfiguration, Stream, Task	The custom property associated with the resource.
resource.@<customproperty>	App.Object, ReloadTask	The custom property associated with the resource.
app.name	App.Object, ReloadTask	The name of the associated app.
app.owner.@<customproperty>	ReloadTask	The custom property associated to the stream of an app. See the corresponding owner property for a description.
app.owner.email	ReloadTask	Owner property associated with the app. See the corresponding owner property for a description.
app.owner.environment.browser	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.context	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.device	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.ip	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.os	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.secureRequest	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.group	ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.owner.name	ReloadTask	The user name of the owner of the resource.
app.owner.userDirectory	ReloadTask	The user directory of the owner of the resource
app.owner.userId	ReloadTask	The user id of the owner of the resource
app.stream.@<customproperty>	App.Object, ReloadTask	Owner property associated with the app. See corresponding owner property for description.
app.stream.name	App.Object, ReloadTask	The name of the associated stream.
category	SystemRule	The system rule category: License, Security or Sync.
description	User	The description of the owner retrieved from the user directory.
email	User	The email addresses that are available from the connected user directories.
environment.browser	User	Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE or Unknown. Example 1: Define browser and version: Firefox 22.0 Chrome 33.0.1750.154 Information note If the browser information contains a slash (/), replace it with a space. Example 2: Use the wildcard () to include all versions of the browser: environment.browser = Chrome
environment.context	User	Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess.
environment.device	User	Security rule will be applied to the type of device. Available preset values: iPhone, iPad or Default.
environment.ip	User	Security rule will be applied to an IP number.
environment.os	User	Security rule will be applied to the type of operating system. Available preset values: Windows, Linux, Mac OS X or Unknown.
environment.secureRequest	User	Security rule will be applied to the type of request. Available preset values: SSL True or False.
group	User	The group memberships of the owner retrieved from the user directory.
roles	User	A role that is associated with the user.
name	App, App.Object, DataConnection, Extension, License.LoginAccessType, ReloadTask, ServerNodeConfiguration, Stream, User, UserDirectory, UserSyncTask, SystemRule,	The name of the resource or user.
objectType	App.Object	The type of app object. Available preset values: story, masterobject, properties, sheet, dimension.
owner.@<customproperty>	App, App.Object, DataConnection, Extension, Stream	The custom property associated with the owner of the resource.
owner.description	App, DataConnection, Extension, Stream	The description of the owner retrieved from the user directory.
owner.email	App, App.Object, DataConnection, Extension, Stream	The email of the owner retrieved from the user directory.
owner.environment.browser	App, App.Object, DataConnection, Extension, Stream	The browser environment of the owner of the resource.
owner.environment.context	App, App.Object, DataConnection, Extension, Stream	Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess.
owner.environment.device	App, App.Object, DataConnection, Extension, Stream	The device environment of the owner of the resource.
owner.environment.ip	App, App.Object, DataConnection, Extension, Stream	The IP environment of the owner of the resource.
owner.environment.os	App, App.Object, DataConnection, Extension, Stream	The OS environment of the owner of the resource.
owner.environment.secureRequest	App, App.Object, DataConnection, Extension, Stream	Indicates if the sent request is encrypted or not, that is using SSL or not (True or False).
owner.group	App, App.Object, DataConnection, Extension, Stream	The group memberships of the owner retrieved from the user directory.
owner.name	App, App.Object, DataConnection, Extension, Stream	The user name of the owner of the resource.
owner.userDirectory	App, App.Object, DataConnection, Extension, Stream	The user directory of the owner of the resource
owner.userId	App, App.Object, DataConnection, Extension, Stream	The user id of the owner of the resource.
published	App.Object	The status of the app object.
resourceFilter	SystemRule	The existing resource definitions (from the Resource column in the security rules overview).
ruleContext	SystemRule	Specifies whether the rule should apply: Both in hub and QMC, Only in hub or Only in QMC.
stream.@<customproperty>	App	The custom property associated with the stream.
stream.name	App	The name of the associated stream.
type	SystemRule, DataConnection	The type of security rule or data connection.
userid	User	A user’s ID.
userdirectory	User	The name of a user directory.
userDirectory.name	UserSyncTask	The name of the user directory connection that the user sync task applies to.
userDirectory.userDirectoryName	UserSyncTask	The name of the user directory that the user directory connector is connected to.
userDirectoryName	UserDirectory	The name of the user directory connection in the QMC.

For some resources (for example, environment.browser), you need to select the checkbox Extended security environment in the proxy settings.

Select the applicable Actions checkboxes to assign access rights to the user for the resource.

Property name	Description
create	Create resource
read	Read resource
update	Update resource
delete	Delete resource
export	Be able to export a resource to a new format, for example Excel
publish	Be able to publish a resource to a stream
changeOwner	Be able to change the owner of a resource
changeRole	Be able to change user role
exportData	Be able to export data from an object

Select a user condition that specifies which users the rule will apply to.

Environment data received from external calls, for example type of OS or browser, is not secured by the Qlik Sense system.

Any user properties contained in connected user directories will be shown in the drop-down list. This could, for example, be an email address or department name.

Property	Description
@<customproperty>	A custom property associated with the user.
name	A user's full name.
userdirectory	The name of a user directory.
userid	A user's ID.
description	The description of the owner retrieved from the user directory.
email	The email addresses that are available from the connected user directories.
group	The group memberships of the owner retrieved from the user directory.
environment.browser	Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE or Unknown. Example 3: Define browser and version: Firefox 22.0 Chrome 33.0.1750.154 Information note If the browser information contains a slash (/), replace it with a space. Example 4: Use the wildcard () to include all versions of the browser: environment.browser = Chrome
environment.context	Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess.
environment.device	Security rule will be applied to the type of device. Available preset values: iPhone, iPad or Default.
environment.ip	Security rule will be applied to an IP number.
environment.os	Security rule will be applied to the type of operating system. Available preset values: Windows, Linux, Mac OS X or Unknown.
environment.secureRequest	Security rule will be applied to the type of request. Available preset values: SSL True or False.

In the Identification property, give the security rule a name in the Name text box.

Property	Description
Name	The name of the rule.

Click Disabled if you do not want to enable the rule at this time.

In the Advanced view, select where the rule should be applied from the Context drop-down list.

Property	Description
Context	Specifies whether the rule should apply: Both in hub and QMC, Only in hub or Only in QMC.

Click the Preview tab to view the access rights that your rule will create and the users they apply to. See Previewing how security rules affect user privileges

Information noteYou must click Apply to save your changes. Apply is disabled if a mandatory field is empty.
Click Apply in the action bar to create and save the rule or click Cancel to discard changes.

Successfully added is displayed at the bottom of the page.

You have now created a new security rule.

Learn more

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here