Creating security rules
You can create security rules.
Do the following:
- Select Security rules on the QMC start page or from the Start drop-down menu to display the overview.
- Click Create new in the action bar.
  This opens the Security rule edit page.
- In the Identification view, select the type of resource you want to create a rule for from the Create from template drop-down list.

  Information note: Changing the Create from template selection automatically clears all Actions, and changes the Advanced > Conditions text box accordingly.

  | Property | Security rule will be applied to |
  |---|---|
  | Unspecified resource rule | Access rules |
  | App access rule | Apps |
  | App object access rule | Objects. The Objects' objectTypes, for example: sheet, story, bookmark, measure or dimension. |
  | Content library access rule | Content libraries |
  | Data connection access rule | Data connections |
  | Extension access rule | Extensions |
  | Reload task access rule | Reload tasks |
  | Node access rule | The configuration of Qlik Sense nodes |
  | Stream access rule | Streams |
  | User access rule | Users |
  | Security rule access rule | Security rules |
  | User directory connector access rule | User directories |
  | User sync task access rule | User synchronization tasks |

- In the Basic section, click the add icon to add more conditions (optional).
  When using multiple conditions you can group two conditions by clicking Group. After conditions have been grouped you can ungroup them by clicking Ungroup. The default operand between conditions is OR. You can change this in the operand drop-down. Multiple conditions are grouped so that OR is superior to AND.

  | Property name | Available in | Description |
  |---|---|---|
  | @<customproperty> | App, App.Object, DataConnection, ReloadTask, ServerNodeConfiguration, Stream, Task | The custom property associated with the resource. |
  | resource.@<customproperty> | App.Object, ReloadTask | The custom property associated with the resource. |
  | app.name | App.Object, ReloadTask | The name of the associated app. |
  | app.owner.@<customproperty> | ReloadTask | The custom property associated to the stream of an app. See the corresponding owner property for a description. |
  | app.owner.email | ReloadTask | Owner property associated with the app. See the corresponding owner property for a description. |
  | app.owner.environment.browser | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.environment.context | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.environment.device | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.environment.ip | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.environment.os | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.environment.secureRequest | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.group | ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.owner.name | ReloadTask | The user name of the owner of the resource. |
  | app.owner.userDirectory | ReloadTask | The user directory of the owner of the resource. |
  | app.owner.userId | ReloadTask | The user id of the owner of the resource. |
  | app.stream.@<customproperty> | App.Object, ReloadTask | Owner property associated with the app. See corresponding owner property for description. |
  | app.stream.name | App.Object, ReloadTask | The name of the associated stream. |
  | category | SystemRule | The system rule category: License, Security or Sync. |
  | description | User | The description of the owner retrieved from the user directory. |
  | email | User | The email addresses that are available from the connected user directories. |
  | environment.browser | User | Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE or Unknown. Example 1: Define browser and version: Firefox 22.0; Chrome 33.0.1750.154. Information note: If the browser information contains a slash (/), replace it with a space. Example 2: Use the wildcard (*) to include all versions of the browser: environment.browser = Chrome* |
  | environment.context | User | Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess. |
  | environment.device | User | Security rule will be applied to the type of device. Available preset values: iPhone, iPad or Default. |
  | environment.ip | User | Security rule will be applied to an IP number. |
  | environment.os | User | Security rule will be applied to the type of operating system. Available preset values: Windows, Linux, Mac OS X or Unknown. |
  | environment.secureRequest | User | Security rule will be applied to the type of request. Available preset values: SSL True or False. |
  | group | User | The group memberships of the owner retrieved from the user directory. |
  | roles | User | A role that is associated with the user. |
  | name | App, App.Object, DataConnection, Extension, License.LoginAccessType, ReloadTask, ServerNodeConfiguration, Stream, User, UserDirectory, UserSyncTask, SystemRule | The name of the resource or user. |
  | objectType | App.Object | The type of app object. Available preset values: story, masterobject, properties, sheet, dimension. |
  | owner.@<customproperty> | App, App.Object, DataConnection, Extension, Stream | The custom property associated with the owner of the resource. |
  | owner.description | App, DataConnection, Extension, Stream | The description of the owner retrieved from the user directory. |
  | owner.email | App, App.Object, DataConnection, Extension, Stream | The email of the owner retrieved from the user directory. |
  | owner.environment.browser | App, App.Object, DataConnection, Extension, Stream | The browser environment of the owner of the resource. |
  | owner.environment.context | App, App.Object, DataConnection, Extension, Stream | Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess. |
  | owner.environment.device | App, App.Object, DataConnection, Extension, Stream | The device environment of the owner of the resource. |
  | owner.environment.ip | App, App.Object, DataConnection, Extension, Stream | The IP environment of the owner of the resource. |
  | owner.environment.os | App, App.Object, DataConnection, Extension, Stream | The OS environment of the owner of the resource. |
  | owner.environment.secureRequest | App, App.Object, DataConnection, Extension, Stream | Indicates if the sent request is encrypted or not, that is using SSL or not (True or False). |
  | owner.group | App, App.Object, DataConnection, Extension, Stream | The group memberships of the owner retrieved from the user directory. |
  | owner.name | App, App.Object, DataConnection, Extension, Stream | The user name of the owner of the resource. |
  | owner.userDirectory | App, App.Object, DataConnection, Extension, Stream | The user directory of the owner of the resource. |
  | owner.userId | App, App.Object, DataConnection, Extension, Stream | The user id of the owner of the resource. |
  | published | App.Object | The status of the app object. |
  | resourceFilter | SystemRule | The existing resource definitions (from the Resource column in the security rules overview). |
  | ruleContext | SystemRule | Specifies whether the rule should apply: Both in hub and QMC, Only in hub or Only in QMC. |
  | stream.@<customproperty> | App | The custom property associated with the stream. |
  | stream.name | App | The name of the associated stream. |
  | type | SystemRule, DataConnection | The type of security rule or data connection. |
  | userid | User | A user’s ID. |
  | userdirectory | User | The name of a user directory. |
  | userDirectory.name | UserSyncTask | The name of the user directory connection that the user sync task applies to. |
  | userDirectory.userDirectoryName | UserSyncTask | The name of the user directory that the user directory connector is connected to. |
  | userDirectoryName | UserDirectory | The name of the user directory connection in the QMC. |

  Information note: For some resources (for example, environment.browser), you need to select the checkbox Extended security environment in the proxy settings.
- Select the applicable Actions checkboxes to assign access rights to the user for the resource.

  | Property name | Description |
  |---|---|
  | create | Create resource |
  | read | Read resource |
  | update | Update resource |
  | delete | Delete resource |
  | export | Be able to export a resource to a new format, for example Excel |
  | publish | Be able to publish a resource to a stream |
  | changeOwner | Be able to change the owner of a resource |
  | changeRole | Be able to change user role |
  | exportData | Be able to export data from an object |

- Select a user condition that specifies which users the rule will apply to.

  Warning note: Environment data received from external calls, for example type of OS or browser, is not secured by the Qlik Sense system.

  Tip note: Any user properties contained in connected user directories will be shown in the drop-down list. This could, for example, be an email address or department name.

  | Property | Description |
  |---|---|
  | @<customproperty> | A custom property associated with the user. |
  | name | A user's full name. |
  | userdirectory | The name of a user directory. |
  | userid | A user's ID. |
  | description | The description of the owner retrieved from the user directory. |
  | email | The email addresses that are available from the connected user directories. |
  | group | The group memberships of the owner retrieved from the user directory. |
  | environment.browser | Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE or Unknown. Example 3: Define browser and version: Firefox 22.0; Chrome 33.0.1750.154. Information note: If the browser information contains a slash (/), replace it with a space. Example 4: Use the wildcard (*) to include all versions of the browser: environment.browser = Chrome* |
  | environment.context | Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess. |
  | environment.device | Security rule will be applied to the type of device. Available preset values: iPhone, iPad or Default. |
  | environment.ip | Security rule will be applied to an IP number. |
  | environment.os | Security rule will be applied to the type of operating system. Available preset values: Windows, Linux, Mac OS X or Unknown. |
  | environment.secureRequest | Security rule will be applied to the type of request. Available preset values: SSL True or False. |

- In the Identification property, give the security rule a name in the Name text box.

  | Property | Description |
  |---|---|
  | Name | The name of the rule. |

- Click Disabled if you do not want to enable the rule at this time.
- In the Advanced view, select where the rule should be applied from the Context drop-down list.

  | Property | Description |
  |---|---|
  | Context | Specifies whether the rule should apply: Both in hub and QMC, Only in hub or Only in QMC. |

- Click the Preview tab to view the access rights that your rule will create and the users they apply to. See Previewing how security rules affect user privileges.

  Information note: You must click Apply to save your changes. Apply is disabled if a mandatory field is empty.
- Click Apply in the action bar to create and save the rule or click Cancel to discard changes.
  Successfully added is displayed at the bottom of the page.
For example, if you create an App access rule and set the resource condition Name to MyApp, it means that the rule applies to the app named MyApp. However, setting Name to MyApp* will apply the rule to all apps with names beginning with MyApp.
You have now created a new security rule.
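
The wildcard matching, the slash-to-space note and the warning about unsecured environment data can be combined into a small rule review script. This is an added example, not Qlik code: the rule dictionaries, their field names and the single operand per rule are assumptions of the sketch, and the sample rules are constructed.

```python
import re

def normalize_browser(raw):
    """Apply the page's note: a slash in the browser string becomes a space."""
    return raw.replace("/", " ")

def wildcard_match(pattern, value):
    """Match value against pattern, where * stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def grants_on_environment_alone(rule):
    """True if the user condition can be met using only environment.* properties,
    which the page warns are not secured by the Qlik Sense system."""
    env_flags = [prop.startswith("environment.") for prop, _ in rule["conditions"]]
    if rule["operand"] == "or":
        return any(env_flags)                 # one environment-only branch is enough
    return bool(env_flags) and all(env_flags)  # with AND, every condition must hold

def audit(rules):
    """Return names of enabled rules that environment data alone can satisfy."""
    return [r["name"] for r in rules
            if not r["disabled"] and grants_on_environment_alone(r)]

# Constructed sample rules; names, groups and the dict layout are hypothetical.
RULES = [
    {"name": "FinanceApps", "operand": "and", "disabled": False,
     "conditions": [("group", "Finance"), ("environment.browser", "Chrome*")]},
    {"name": "KioskRead", "operand": "and", "disabled": False,
     "conditions": [("environment.browser", "Firefox 22.0"), ("environment.os", "Windows")]},
    {"name": "MobileOrAdmins", "operand": "or", "disabled": False,
     "conditions": [("group", "Admins"), ("environment.device", "iPad")]},
    {"name": "OldBrowserRule", "operand": "and", "disabled": True,
     "conditions": [("environment.browser", "MSIE*")]},
]

if __name__ == "__main__":
    print("Review these rules:", audit(RULES))
    print(wildcard_match("Chrome*", normalize_browser("Chrome/33.0.1750.154")))
```

Rules the audit returns should be paired with a condition based on user directory data, such as group or userid, so that access does not rest on values supplied by the calling client.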