Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
AliAzizi
Partner - Creator II
Partner - Creator II
‎2017-07-18 06:23 AM

Limiting access to apps in the Work folder of Qlik Sense

Hi

I've configured access to each stream and different user groups have access only to their own stream and apps. But in the Work folder everybody is able to view all apps, also those belonging to other streams, both published and unpublished apps.

How can I fix it so everybody only views the apps belonging to her/his own stream.

Appreciate any help

1,032 Views
0 Likes
5 Replies
rittermd
Master
Master
‎2017-07-18 08:26 AM

That is a security rule issue.  I had this same issue some time ago.  Unfortunately I don't remember which rule it was.

But it is an easy fix once you find the correct rule to change.  I will see if I can figure it out again.

731 Views
0 Likes
AliAzizi
Partner - Creator II
Partner - Creator II
‎2017-07-18 08:34 AM
Author

In response to rittermd

Hi Mark
Thank you for your response. I'm aware of this is a security rule issue. I've created a rule for each stream that gives users access to the concerned stream. The resource for the stream is defined as:

STREAMNAME, App_*, Aoo.Object_*

so each user only can view a specified stream and apps inside it, but the user at the same time can view all other apps in the "Work" folder. This is my problem I need to resolve.

Appreciate your help.

731 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-07-18 08:38 AM

In response to AliAzizi

I suggest you to do a security rules tuning with "Audit" under "Manage Resources".

It's very useful to quickly understand which are the security rules involved.

731 Views
0 Likes
rittermd
Master
Master
‎2017-07-18 11:28 AM

In response to AliAzizi

You might want to consider using Custom Properties and a single security rule to control who can access each stream or streams. 

If you create a rule for each stream it can get messy and you have many rules to monitor and update.

731 Views
0 Likes
AliAzizi
Partner - Creator II
Partner - Creator II
‎2017-07-21 05:18 AM
Author

Shouldn't the following script limit access to the unpublished apps to the Developer group (*_Dev_Group)?

Means each developer has access and view right to unpublished apps belonging to his own group

(user.group like "*_Dev_Group") and

(resource.resourcetype="App" and resource.App.stream.Empty()) and

(resource.IsOwned() and resource.owner.group = user.group)

*_Dev_Group are AD groups.

731 Views
0 Likes