(10.3.0-en) WAC Quickstart
This guide provides a simple walkthrough of how to use WAC, using the QueryPie homepage as an example.
Register the QueryPie homepage as a web app and add some sub-menus under Resources as URL paths.
Create a Policy and a Role that only allow access to these registered URL paths.
Assign this Role to the current user and verify the web app access control functionality.
Notification
This Quickstart guide is based on version 10.2.8.
To follow this Quickstart, you need either Owner or Web App Admin privileges among QueryPie administrator permissions.
Admin-side
1. Registering a Web App
The substructure under /ko/resources on the QueryPie homepage (www.querypie.com) is as follows.
In this quickstart guide, we will register only some of these paths under the web app and then create a policy that allows access only to these registered paths.
/ko/resources/
├── discover/
│   ├── blog/ (Register)
│   ├── webinars/ (Register)
│   ├── white-paper/ (Register)
│   ├── certifications/
│   └── integrations/
│
└── learn/
    ├── documentation/ (Register)
    ├── tutorials/ (Register)
    └── demo/
Navigate to the Admin > Web Apps > Connection Management > Web Apps menu.
Click the Create a Web App button to go to the web app registration page.
Enter the following information:
Name : QueryPie Web Site
Base URL : www.querypie.com or 10.10.10.10:443
Sub-paths (e.g., /ko) cannot be included in the Base URL.
It is recommended to exclude https:// when entering the Base URL.
Description: Enter a description for the web app (e.g., QueryPie Website).
Watermark: Select whether to apply a watermark to the user's browser screen when accessing the web app.
This helps prevent screen leakage by displaying information such as the accessor and access date/time on the browser when the web app is accessed.
This guide will assume it is set to On.
URL Paths: Enter sub-paths (Optional).
In this guide, we will enter sub-paths. Click the + Add Path button to enter the sub-paths.
Path | Path Tag |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
Next, enter the remaining information.
User Activity Recording: Whether to record user activity.
Set to On and enable all options.
Excluded URL Paths is for entering paths to exclude from user activity recording. Leave this blank for now.
Tag: Tags for the web app. Leave this blank for now.
Click the Save button to save.
2. Registering a Policy
Next, we will create a policy for the QueryPie website that allows access only to the registered sub-paths.
Navigate to the Admin > Web Apps > Web App Access Control > Policies menu.
Click the Create Policy button and enter the following in the Create Policy modal:
Name: QP Web Test
Click the Save button to save.
Click the newly created QP Web Test policy to enter its details page, then click the Go to Editor Mode button.
Copy and paste the following content into the editor:
apiVersion: webApp.rbac.querypie.com/v1
kind: WacPolicy
spec:
  allow:
    resources:
      - webApp: "QueryPie Web Site"
        urlPaths:
          - "/ko"
          - "/ko/resources/discover/blog/*"
          - "/ko/resources/discover/webinars/*"
          - "/ko/resources/discover/white-paper/*"
          - "/ko/resources/learn/documentation/*"
          - "/ko/resources/learn/tutorials/*"
Click the Save Changes button, and then click the OK button in the reason input modal to save.
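An added example, not QueryPie's code: a local Python model of the allow-list above, useful for checking which request paths the policy would admit before assigning it. The matching rules (exact match for plain paths, `/*` covering the prefix and everything beneath it, normalization before matching) are assumptions, and QueryPie's own matcher may differ.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# urlPaths copied from the WacPolicy on this page.
ALLOWED_URL_PATHS = [
    "/ko",
    "/ko/resources/discover/blog/*",
    "/ko/resources/discover/webinars/*",
    "/ko/resources/discover/white-paper/*",
    "/ko/resources/learn/documentation/*",
    "/ko/resources/learn/tutorials/*",
]

def normalize(url_or_path):
    """Return the canonical path of a URL or path (query string dropped)."""
    path = unquote(urlsplit(url_or_path).path) or "/"
    # Resolve ".", ".." and repeated slashes first, so a path that merely
    # starts with an allowed prefix cannot climb out of it.
    return "/" + posixpath.normpath(path).lstrip("/")

def matches(pattern, path):
    """Assumed semantics: 'x/*' covers x and everything below; else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        # Compare on a segment boundary: ".../blog/*" must not cover ".../blogger".
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def is_allowed(url_or_path, patterns=ALLOWED_URL_PATHS):
    path = normalize(url_or_path)
    return any(matches(p, path) for p in patterns)

# Constructed sample requests; directory names come from the tree on this page.
SAMPLES = [
    "/ko/",
    "/ko/resources/discover/blog/sample-post",
    "/ko/resources/discover/certifications/",
    "/ko/resources/learn/demo/",
    "/ko/resources/discover/blog/../certifications/",
]

def audit(samples=SAMPLES):
    """Map each sample request to True (allowed) or False (denied)."""
    return {s: is_allowed(s) for s in samples}

if __name__ == "__main__":
    for request, allowed in audit().items():
        print(f"{'ALLOW' if allowed else 'DENY':5}  {request}")
```

Under these assumptions `/ko/resources` itself is denied, because only `/ko` and the five registered sub-trees are listed.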
3. Creating a Role
Now, we will create a new role and assign the policy created earlier.
Navigate to the Admin > Web Apps > Web App Access Control > Roles menu.
Click the Create Role button and enter the following:
Name: QP Web Test
Click the newly created role to go to its details page > Policies tab. Click the Assign Policies button.
In the Assign Policies modal, select the QP Web Test policy created earlier, click the Assign button to save, and close the modal.
4. Assigning the Role to a User/Group
Now, let's assign the newly created QP Web Test role to the current user.
Navigate to the Admin > Web Apps > Web App Access Control > Access Control menu.
Select the user or group to whom you want to assign the role.
For now, select yourself (the user performing this test).
On the user details page > Roles tab, click the Grant Roles button.
In the Grant Roles modal, select the newly created QP Web Test role and click the Grant button to save.
If the expiration date is not changed, it will be automatically set to one year from today.
Next, to verify that the access policy just created has been applied correctly, we will proceed with the user-side setup.
User-side
1. Installing the Root CA Certificate
While logged into QueryPie, click your profile button in the top right corner, and from the profile menu, click Support > Download Web Secure.
(Screenshot: QueryPie > Profile Menu)
The QueryPie Web Secure Download modal will open. Under A. Install Root CA Certificate, click the Download Link in Step 1. to download the certificate file.
(Screenshot: QueryPie Web Secure Download)
Follow the Root CA Certificate Installation Guide to install the certificate and configure trust settings.
2. Downloading the Extension
From the QueryPie profile menu, click Support > Download Web Secure.
In the QueryPie Web Secure Download modal, under B. Install Chrome Extension > Step 1., click the Download Link to download the Extension file.
3. Installing the Extension and Configuring the Host
In the Chrome address bar, enter chrome://extensions/.
Enable the Developer mode toggle in the upper right corner of the page.
Drag and drop the downloaded Extension file (without unzipping it) into the extensions area.
(Screenshot: Chrome > Managing Extensions)
The Host Configuration page will open in a new tab. Paste your current QueryPie address into the QueryPie Host field and click the Continue button.
If the Host information is valid, a Go to Dashboard button will appear. Click it to open QueryPie in a new tab.
(Screenshot: Host Configuration Page)
Warning
Management is not guaranteed for tabs that were open before installing the WAC extension. There may be issues with access policy enforcement and audit logging.
Please close all existing browser tabs and windows before installing the extension.
4. Accessing the Web App via QueryPie
Click the Go to Dashboard button. A new tab will open, displaying the QueryPie Web console.
If you are currently logged into QueryPie, the Web App Dashboard will open.
If you are not logged in, you will be redirected to the login page. After logging in, click Web Apps in the top menu to access the dashboard.
If the Role selection modal appears, select QP Web Test.
In the Web App Dashboard, under My Apps, you will see the QueryPie Web Site app icon that you registered earlier. Click the icon to access the website.
(Screenshot: QueryPie > Web Apps > Web App Dashboard)
Upon first access, a screen will inform you that the current web session is being recorded. Click the Continue button to proceed to the website.
(Screenshot: Web Session Monitoring Notification)
You can see that the Watermark is applied to the QueryPie homepage.
If you attempt to access a non-allowed page (e.g., the Products menu), you will be redirected to a blocking notification screen.
(Screenshot: QueryPie Access Denied)
Admin-side (again)
1. Checking Web App Access History
Navigate to Admin > Audit > Web Apps > Web Access History.
You can view the access history for web apps accessed by the current user.
Action Type: The start and end of web app access.
Connect: Access started.
Displayed when the web app is accessed. All sub-paths are recorded separately.
Disconnect: Access ended.
Displayed when a tab is closed or the user navigates to another page.
Result: Outcome.
Success: Access successful.
Failure: Access failed.
Displayed as access failed if blocked by a WAC policy.
2. Checking User Session Recordings
All records of the user accessing the controlled web app and navigating its sub-pages are displayed, based on the web app and role.
Recordings are only kept if User Activity Recording was enabled when the Web App was created.
Navigate to Admin > Audit > Web Apps > User Activity Recording.
Click on a record associated with the current user's name to go to the details page.
In the Event Timeline, you can see the user's activities in chronological order.
Click the filter to view activities by type.
Searchable values are as follows:
Content (clicked text or link)
URL (URL of the page being accessed)
Tab ID (ID of the tab used)
Screenshots of the page the user was actually viewing are captured for each event.