Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
agigliotti
Partner - Champion
Partner - Champion
‎2017-04-06 06:11 AM

Qlik Sense security rule problem

Hello,

I'm using version 3.2 SR2 and I modified the following security rule:

CreateAppObjectsPublishedApp

adding the below condition :

and (user.group="role_dev" or user.group="role_ext")

---

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")

---

However I noted a user not belonging to the "role_dev" or "role_ext" is able to create app objects ex. sheet object.

Is it a BUG ???

Please let me know asap.

Many thanks in advance for your time.

Best Regards

Andrea

5,917 Views
0 Likes
21 Replies
agigliotti
Partner - Champion
Partner - Champion
‎2017-04-07 04:03 AM
Author

In response to Gysbert_Wassenaar

if you see here I expected to be unable to create (C) objects for this user and app.

or i'm wrong ???

securityRules_04.png

1,018 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-04-10 03:21 AM
Author

definitely I'm going to create a new case on support portal to fix this issue.

1,018 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-04-11 10:24 AM
Author

good news for Qlik and for customers of course!

after some try I understand the rule actually it's working as expected, because the user is not able to create app objects even if the button ex. (create new sheet) is shown.

what's happening is the user create a new sheet, but after page refreshed the sheet created disappear in according with the security rule associated.


i think Qlik should improve this behavior hiding the corresponding HTML element.

i hope it's clear.

3,668 Views
Anonymous
Not applicable
‎2017-06-07 06:44 AM

In response to agigliotti

Hi Andrea,

I have wrote a rule to restrict the duplication of sheets but only after refreshing the page the created sheet disappear.

So I want to disable the edit button when the user using Qlik sense. How to achieve this ?

1,020 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-06-07 08:46 AM
Author

In response to Anonymous

Hi Nivetha,

I'm sorry but i can't help you on this topic because nobody asked me to do it.

Please let me know if you find something about this request.

BR

Andrea

1,020 Views
0 Likes
MK9885
Master II
Master II
‎2017-06-07 09:19 AM

In response to Anonymous

Disable the CreateAppObjectsPublishedApp rule in Security Rules.

this will disable the Edit option for users

Note: this will disable for all users.

If you like to enable for few users then you'd have to write new rule with App Object* as filter in Rules

!resource.App.stream.Empty() and

resource.app.@SecurityApp="YOURAPPNAMEHERE" and

resource.name!="YOURSHEETNAMEHERE" and

(resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or  resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.name="ADDYOURUSER1HERE")

and

(user.name!="ADDYOURUSER2HERE")

the above rule is advance level and this will enable EDIT for only 2 users and only for 1 Sheet.

Captur1e.PNG

1,020 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-08-25 10:47 AM
Author

in version June 2017 Patch 1 the button "create new sheet" is no more visible according to the security rule policy.

the UI improvement finally has been done.

1,020 Views
0 Likes
Not applicable
‎2017-09-22 10:28 AM

In response to agigliotti

Hello Andrea,

You condition indicated. Is correct ??

Please help me. Thanks


adding the below condition :

and (user.group="role_dev" or user.group="role_ext")

---

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")

---

1,020 Views
0 Likes
Anonymous
Not applicable
‎2017-12-18 01:07 AM

In response to

Hello All

I really need help on this one!!

In my environment, there are 5 users.. who have the same access. But somehow two of them able to create the sheet however others do not have access to create the sheet

The "CreateAppObjectPublished" rule is not disabled.

Please help me in this.. I am really confused in this

Regards

DC

1,020 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2017-12-18 03:37 AM
Author

In response to Anonymous

as gwassenaar‌ said above first check what is going on using Audit.

There you'll find the reason why.

1,020 Views
0 Likes