Any new stream which is created are default hidden.

Example: In your example a new stream is created 'Finance' and user Bob cannot see the stream by default.

After you add him to the security rules in QMC, he can access the stream.

Hope this answered your question

Thank you

but that will required system admin to add both access for stream and app.

if we can authorization stream base APP, then the mgmt work loading will be more easier

but base my understand in Qliksens SR, it was match rule with resouce one by one,

you can not get the stream object from the app object, and also can not refer to sub-app from stream,

so I think it will not work in this way

Hi, I´d like to achive the same thing: Stream is visible in case the user has access to at least one app of the stream (managed by custom properties).

The explanation above tells it wouldn´t be possible.

Can anybody confirm? Or is there a solution?

Regards, Thomas

Hi Thomas,

no, it is possible with Custom Properties.

You will need a Custom Property that is applied to the Apps, Streams and Users

On the Security Rules side, you'll need to deactivate the default Stream rule and create a new one that forces the match user.@CP = resource.@CP

You can choose to have a single rule o multiple rules to govern Stream access, but basically you'll need to have the condition stream.@CP = user.@CP

Finally, you'll need to apply the @CP to the users

Due to its nature, I believe this CP should have 'app' value (so you should apply the same value only to a single app, not many)

The "pitfall" in this case is that Section Access can't guide the visibility, so you'll still need to manage it to restrict app access/data visibility

Hope this helps,

Riccardo

Hi Riccardo,

you wrote to create a security rule like user.@CP = resource.@CP.

In my case I don´t want to have @CP assigned to the stream but to (some) apps of the steam.

Does the security rule (with resource.@CP) really work on the stream ressource although the the steam has no @CP assigned?

Maybe you can confirm. For sure I´ll try to check it on my own.

Thanks, Thomas

Hi Thomas,

sorry, I didn't explain myself enough.

The @CP on the Stream helps you to have a single rule for all the Streams instead a single rule for each Stream

So yes, you can avoid using the @CP on the Stream but you'll need to manage N-rules

Riccardo

Hi Riccardo,

maybe there is a misunderstanding. Let me give you an example.

I´ve a stream "Stream 1" which contains App A1 with @CP_App="Finance" and A2 with @CP_App="Sales" and A3 with @CP_All = "Finance" and "Sales" (both).

In "Stream 2" there is App A4 with @CP_App = "Finance". Users are also assigend to same @CP_App.

I have a security rule which defines app read access with user.@CP_App = app.@CP_app. But this alone doesn´t give access to the stream.

Now I want to have a security rule which gives read-permission in case a users has access to at least one app of the stream.

In the give example finance users should have access to "Stream 1" and "Stream 2", sales users to "Stream 2" only. The point is, I don´t want to maintain a separate @CP for stream access, because it should be inherited from apps.

I don´t think this possible. I couldn´t find a way. Do you think this could be realised?

Regards, Thomas