Vizlib Home Try Vizlib

Vizlib Server Properties - Security Rules

Security Rules were introduced with Vizlib Server v1.6.0. and can be created and maintained in the Vizlib Management Console (VMC). Security rules can be applied to features within Vizlib Collaboration and Vizlib Finance, including streams, destinations, workflows and user roles, helping you manage access to your server configuration and user data and set user permissions. 


Creating a New Security Rule

Security Rules are found in the VMC under Security Rules (Figure 1). Clicking the Description will open the rule for editing, while clicking New Rule will open the Create Security Rule window.

Figure 1: Security Rules Menu

When you create a security rule, you'll need to enter values for the items listed here. 

  • Description - A unique name for your security rule.
  • Resource Type - The VMC feature which selects the security rule settings - Teamwork Stream, Finance Stream, Writeback Destination, Workflow, Integration, Teamwork Workspace, Finance Workspace, Lock Group, User Role (only available for Root Admin and Admin users) and Loop and Reduce Task
  • Resource ID - A list of Resource Type instances where your security rule is applied. 
    • Teamwork Stream/Finance Stream - select from a list of available streams.
    • Teamwork Workspace/Finance Workspace - select from a list of available workspaces.
    • Writeback Destination - select from a list of available destinations.
    • Workflow - select from a list of available workflows.
    • Integration - select from a list of available integrations.
    • Lock Group - select from a list of available lock groups.
    • User Role - select a VMC user role from Root Admin, Admin, or Content Admin. You can find our more about user roles here
    • Loop and Reduce Task - select from a list of loop and reduce tasks. 
  • Access Level - A property which controls the type of user access to the resource. 
  • Condition(s) -  A logical condition describing when the security rule should be met (e.g. assigning  access to a specific user) using the properties Attribute Type, Operator, and Value.
    • Attribute Type - this list is defined by the values imported into the Qlik Repository Service (QRS), so if you are looking to integrate a user list into your security rules (e.g. Active Directory) you will need to integrate these values using the Qlik Management Console (QMC). You can find instructions on connecting a user directory hereConditions can also be defined with user attributes - userId, userDirectory, name, roles and custom properties (starting with @).
    • Operator - operators set the requirement the condition needs to meet to be classed as true - you can check for a value to be Equal or NotEqual, and include partial matches with StartsWith, EndsWith and SubstringOf. Figure 2 shows a rule where the Write access level for a Teamwork Stream is only granted to users where the userDirectory has the value VlZLIB, if the operator changed to StartsWith, access would be granted to all users where the name of the userDirectory starts with VIZLIB. 
    • Value - values are strings which are used to validate whether a condition is met. They can be lower or upper case, and can include letters, numbers and special characters.

Note : Dynamic user attributes (available only per session) are not supported.

Figure 2: Create Security Rule

Back to Contents


Each Security Rule can contain one or more conditions. There are several actions you can perform on a condition to group them in unlimited ways (Figure 3).

Figure 3: Conditions Menu

  • Create Child Group - Creates condition group one level below. Imagine that you have condition and B. Creating a child group on condition would result in creating brackets around it - (A) and B
  • Move to Child Group - Considering condition (A) and B, the operation performed on condition B would result in (A and B)
  • Move to parent group - Performing this operation while having (A and B) on condition would result in A and (B)
  • Move group up - Considering conditions (A and B) or (C and D), performing this operation on C would result in (A and B and C) or (D)
  • Move group down - Works similar to the Move group up option, but in the other direction.

Back to Contents

User Access Levels

Security rules can be created to help manage resources by applying an Access Level to users. 

  • Teamwork Stream / Finance Stream - If Secure Stream is enabled in the stream settings, users cannot access the stream without Read, Write or Admin permissions. 
  • Writeback Destination - If Secure Destination is enabled in the destination settings, users cannot access the destination without Write access. 
  • Workflow - If a workflow state has a Visibility setting of Limited, users cannot view these settings unless they are granted Approver permissions in a security rule. 
  • User Role - Access levels for users can be viewed in User Roles.  For more information on user role permissions, please see our article here

Resource owners can also create a rule which grants VMC Admin access to allow other Content Admin users to manage the resource. VMC Admin rights are available for streams, destinations, workspaces and integrations.

Figure 4 shows a Finance Stream with Secure Stream enabled, and the tooltip instructions to create a security rule to manage access.

Figure 4: Finance Stream User Access

Back to Contents

Vizlib Server Migration (Below v1.6.0)

If you have a version of Vizlib Server below v1.6.0 installed, a migration will occur during the upgrade which will automatically create certain security rules, based on existing custom properties. This will allow you to safely upgrade without taking any further action. When the migration completes, your user access settings will be unchanged. 

Back to Contents

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.