Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Security Access to Specific App Objects

Hello,

I am currently exploring the security rule section of the QMC, and I am having trouble with App Object Access Rules. I was curious as to

1) Whether it was possible to create a rule allowing access to a specific sheet or bookmark? If so how am I able to identify that specific object in the advanced security rule?

2) How do I create a Security Rule that states only people of a specific group can create Sheets. (essentially the problem I have is how do I refer to all sheets)

Thanks

12 Replies
OmarBenSalem

Hi Jeffrey,

Thanks for the reply, it was a great video !
I followed every step and all went good BUT, with the new customised security rules, I can control the which app is showed depending on your custom property BUT when I open an Application, It appears as if it is Empty :

Capture.PNG

Here are the 2 security rules as configured by Marcus:

1) AppAccess:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and

resource.@AppLevelManagement.empty())

or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.app.stream.HasPrivilege("read"))

2)AppAccessException :

resource.stream.HasPrivilege("read") and ((user.@AppLevelManagement=resource.@AppLevelManagement))

With those 2 rules, I can manage which user can view which app(s), but the apps are EMPTY.

Now If I go back to the original security rule which permits every user to see every app in the stream if they are authorized to view the stream (the rule is called Stream), I notice that there is a line like this:

resource.objectType != "app_appscript" and resource.objectType != "loadmodel"

I tried to change my new customised rule and add that line:

But still, the app is empty:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and

resource.@AppLevelManagement.empty())

or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

and resource.app.stream.HasPrivilege("read"))

I can't figure out what's happening, can you help please? Or tag Marcus to do so? Thanks !

OmarBenSalem

I just added App.Object_* as a ressource filter.

with on only App_* as a resource filter, we can't see any sheet !

with App_*,App.Object_* or App* as a resource filter we can see the sheet.

Originally, when we select as a template for building our rule 'app access', the default resource filter is App_*

With App_* as a resource filter, you won't be able to see the sheets

zssmith1
Partner - Contributor
Partner - Contributor

Hi, the links from your post are not working, they are posted below, can you fix?  Thanks,

Reference to security rules here with samples: http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG...

Here is another that answers your #2 question: http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG...