Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
tobgen69
Contributor II
Contributor II

Show datamodel in published apps

Hi,

i would like to change the security settings in QlikSenseServer to give a specific usergroup or for example root and content admins the access on the datamodel in published apps.

Does anyone know how to do this or has already implemented this?

I know that by general this is not intended by the security settings of Qlik but i think this would be a big benefit in understanding the database when using an app which is not yours. The way to duplicate the app and then take a look at the datamodel is no option.

Thanks

1 Solution

Accepted Solutions
Not applicable

Hi Tobi,

to let Users see the Datamodel in published apps, you have to create a user role f.e. "DataModelReader" by creating the following security role:

Recource filter: App_*

Actions: read, update (!!!)

Condition: user.role="DataModelReader"

Context: Both in Hub and QMC (!!!)

Now you have a new user role called "DataModelReader" which you can grant to your users.

Users having that role can see the the link to the data model and to the script. They can open the data model viewer and will see the data model but can not safe any changes.

They can also open the script editor, but they will not see any code -except the standard variable definitions- and they can not safe any changes in the script.

For we already talked to each other and tried that solution, I know this helps

Regards

Sabine

View solution in original post

15 Replies
shraddha_g
Partner - Master III
Partner - Master III

I dnt think it is possible.. Try if you csn find anything in security rules in QMC

tobgen69
Contributor II
Contributor II
Author

Thanks for your reply.

In some of the security rules is mentioned the "App_Appscript" and the "Loadmodel".

This rule is actually given specific users the access to read the specified app-objects. But the Loadmodel and the appscript are explicitly negated. Anyway, removing this part doesnt give the access on the loadmodel.

(resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark")

and user.group like "*dev" and (resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

Any other ideas?

Anonymous
Not applicable

Rather than changing the security rules, I would suggest you to deploy the data model app in their my work area.

tobgen69
Contributor II
Contributor II
Author

So i should duplicate an app and locate it to each user? This would imply that for example if you change something in the datamodel you need to change the 100 duplicates of this app, or do i not understand you properly?

If I do this seems not viable to me.

Vegar
MVP
MVP

A quick but not perfect solution could be to add a picture of the ddata model in an app sheet.

It is not optimal, but it will give your users a feel for the data.

tobgen69
Contributor II
Contributor II
Author

Thanks vegar.lie.arntsen for your idea. I will keep this in mind as an quick overview for some cases, but of course it would be nice to use the full model with all these worthy informations.

Anonymous
Not applicable

It's a great question. If you have 100+ users , This is not a right solution.

If your intended audiences are developers and need only for few of them you can go for it. Otherwise add as  picture inside story is appropriate place.

tobgen69
Contributor II
Contributor II
Author

I found a solution in an other thread:

Re: can't see a peer's data load editor scripts

That means, you only have to change the content admin security rule to work in "hub and qmc".

Works fine for me, tested in QS 3.1.1.

It still has some sideeffects, as for now i can see ALL apps in "my work", but i guess all of this is managable with some more accurate securtiy rules.

Not applicable

Hi Tobi,

to let Users see the Datamodel in published apps, you have to create a user role f.e. "DataModelReader" by creating the following security role:

Recource filter: App_*

Actions: read, update (!!!)

Condition: user.role="DataModelReader"

Context: Both in Hub and QMC (!!!)

Now you have a new user role called "DataModelReader" which you can grant to your users.

Users having that role can see the the link to the data model and to the script. They can open the data model viewer and will see the data model but can not safe any changes.

They can also open the script editor, but they will not see any code -except the standard variable definitions- and they can not safe any changes in the script.

For we already talked to each other and tried that solution, I know this helps

Regards

Sabine