# Security Rules

Security rules allows you to control the visibility of a resource based on conditions.\
\
You can create rules for the following resources:

* Groups
* Users

![](/files/l9N47FnbkaIZXr6GoJyh)

### Understanding rules scope

Once a rule is created, the rule will be applied to any area of the *Qommentary Admin Console* or any *Qommentary* *Extension* where the resource is displayed.

For example, if you setup a rule for groups, then you will be able to see only those groups which meet that condition.

### Creating a rule for a group

1\. Click on **Create rule**

![](/files/W29FSYcHnUy1BfCijnpl)

2\. Enter the rule name and description (optional)

![](/files/Tzn6ZcGxg2M7RikATqvz)

3\. Select **Group** as Resource Type

![](/files/YTL3iZby33chNv8lRGaO)

4\. Check the Active check box

![](/files/yunlPNFe4e4nWR9AVSzc)

{% hint style="info" %}
The Active check box indicates whether the rule is active or not. The rule is applied only if the check box is checked.
{% endhint %}

5\. In the Actions section, leave the Read option **checked**

![](/files/9qCejXf1WnsdpJXo7rIN)

6\. Add rule conditions

![](/files/j5wshaR6SBFrOuKkeqr9)

<table data-header-hidden><thead><tr><th width="258">Field</th><th>Description</th></tr></thead><tbody><tr><td>Field</td><td>Description</td></tr><tr><td>Logical Operator</td><td><p>Indicates if the conditions are exclusive or inclusive</p><p><br>If AND is selected, the conditions are concatenated using the logical operator AND.</p><p>e.g: <em>Condition1</em> AND <em>Condition2</em> AND <em>Condition3</em></p><p></p><p>If OR is selected, the conditions are concatenated using the logical operator OR.</p><p>e.g: <em>Condition1</em> OR <em>Condition2</em> OR <em>Condition3</em></p><p></p><p><strong>NOTE:</strong> AND and OR operators cannot be used on the same rule.</p></td></tr><tr><td>Resource</td><td>Indicates the resource that the condition will be targeting</td></tr><tr><td>Property</td><td>Indicates the Resource property used on the condition</td></tr><tr><td>Operator</td><td><p>Indicates the operator used on the condition.<br><br>Available operators:</p><ul><li><em>Equals</em>: indicates that the left hand side value of the expression (LH) has to be equal to the right hand side value of the expression (RH)</li><li><em>StartsWith</em>: indicates that LH has to start with the RH value</li><li><em>Contains</em>: indicates that LH contains the RH</li></ul><p><strong>NOTE:</strong> operators are case-sensitive</p></td></tr><tr><td>User</td><td>Represents the current user logged in when the rule is being evaluated</td></tr><tr><td>Attributes</td><td>Displays a list of Qlik Sense user attributes</td></tr></tbody></table>

&#x20;         6a. Select the resource property&#x20;

![](/files/sH4Dg7zgdbeH7NBMmi4U)

&#x20;         6b. Select the operator, e.g. Equals

![](/files/HbdBrBO6nS6IdMm0bQ0z)

&#x20;         6c. Select user

![](/files/TnZpoyzwirP94P7YtmF3)

&#x20;         6d. Select the user attribute, e.g: business\_unit

![](/files/a5nsHFqZWP6VzsJgTodq)

Now if the system needs to display a list of groups, it will interpret the rule as follows: \
\
"*When the group name is equal to the business unit attribute value from the logged in user*\
*Then display the group"*

8\. To add more conditions, click on the **Add condition** button and repeat steps 6a to 6.d.

9\. Click on **Save** button

### Creating a rule for a user

1\. Click on **Create rule**

![](/files/yFCBV6I89QtRTlC5b0fa)

2\. Enter the rule name and description (optional)

![](/files/shFAiyzTLv6Pr1QlHpWl)

3\. Select **User** as Resource Type

![](/files/dRFiyf5yAR9VkNsvsGsv)

4\. Check the Active check box

![](/files/Y3kQmGvsL08DLDTa3mDL)

{% hint style="info" %}
The Active check box indicates whether the rule is active or not. The rule is applied only if the check box is checked.
{% endhint %}

5\. In the Actions section, leave the Read option checked

![](/files/lDc7HAEjrrbJ8UxrJH2g)

6\. Add rule conditions

![](/files/zFKJQxvZPIjfk1keuwvg)

{% hint style="warning" %}
Rule conditions for users are based on the group name of the groups that the user created or belongs to.
{% endhint %}

7\. Click on **Save** button

### Disabling a rule

If you wish to de-activate a security rule when no longer in use, please follow these steps:

1\. Click on the the **Security Rules** left menu option

![](/files/gnNlJ2KbVli2Vxmhj3GK)

2\. Click on the **Edit** icon&#x20;

![](/files/jmxNdFo4OHXIWjvn1yJ0)

3\. Uncheck the Active check box

![](/files/DuboSKmvxP8mpqsB0f6A)

4\. Click on **Save** button

### Deleting a rule

1\. Click on the the **Security Rules** left menu option

![](/files/ReAC69cDFoH8Z4gkA81U)

2\. Click on the **Delete** icon&#x20;

![](/files/rD6er2ZsRp4Nii70VpDp)

3\. A confirmation modal will be displayed. Click on **Delete** button

![](/files/OyzGFPjFlGGPJrZ5mKwo)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.qommentary.com/qommentary-admin-console/administration/security-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.