Skip to content

Instantly share code, notes, and snippets.

@theredpea

theredpea/audit_matrix.md

Last active April 10, 2018 19:46
Show Gist options
  • Save theredpea/dbbd03f073a9b6b30717c9d2f60a838e to your computer and use it in GitHub Desktop.
Save theredpea/dbbd03f073a9b6b30717c9d2f60a838e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
audit_matrix.md

Cells in HTML Matrix

Have a class:

  1. access_no (white)
  2. access_dis (yellow)
  3. access_ok (green)

Reminder the Qlik rules

Color Description
White No rules exist to provide access.
Green Access is granted.
Yellow Access is disabled.
Red Rule evaluation is broken.
Blue Preview color when editing or creating a new rule.

The class comes from JSON. The JSON comes from a call:

https://{domain}/qrs/SystemRule/Security/audit/matrix?xrfkey=OnFEbPVN4zWvxKWn

Cells in JSON Matrix

The response to above /SystemRule request is a JSON response; The matrix property of the JSON response contains a flat array for every combination of subjectId and resourceId

Individual elements of the JSON matrix array:

    {
        "subjectId": "192e1540-57c5-4456-b412-bc604408df15",
        "resourceId": "7ea26941-3552-4b63-bf7a-fdf03fd078e7",
        "audit": {
            "disabled": 2
        },
        "schemaPath": "AuditMatrixElement"
    },
    {
        "subjectId": "192e1540-57c5-4456-b412-bc604408df15",
        "resourceId": "f5c74642-b623-4165-9382-0525b11a4e31",
        "audit": {
            "disabled": 2
        },
        "schemaPath": "AuditMatrixElement"
    },

The audit property must decide the CSS class

  1. "disabled": 2
  2. "access": 15
  3. "access": 2

Searching the results (Ctrl+F), I could not find these regular expressions. This means 2 and 15 are the only options for "access", and 2 the only option for "disabled"

  • "access": [^(1|2)]
  • "disabled": [^2]

Example Custom Rules

Broad; All Extensions (aka "Explicit type naming using wildcard (_*)")

Resource filter : Extension_*

Extension-Specific (aka "Explicit naming")

Resource filter : Extension_{GUID}

...where the GUID comes from the resourceId returned for each cell in the matrix (see above); and is probably environment specific.

For example:

Extension_2b28feb2-90f6-4355-8ffe-11239d0ee139

Disabling a Security Rule

What does the "disabled" checkbox do?

  • Does it stop the rule from applying ? - so disabling a rule which gives read access to Extensions means no one can read extensions
  • Or does it continue to enforce the rule; but the "inverse" of the rule ? - so disabling a second, custom rule which gives read access to a specific extension, will prevent read of that extension?

We see it effects the yellow colors above https://help.qlik.com/en-US/sense/September2017/Subsystems/ManagementConsole/Content/security-rule-conventions.htm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment