Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi Dear Qlik Community
I'm triyong to create a Security Rule to grant access to update published apps to some users (Like to executive users) , i copied the Stream Defaul Security rule to make the new rule but not works
The rule has the following properties
Resorce filter: App*
Actions: read, update
Condition:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin"
) or ((resource.resourcetype = "App.Object" and resource.published ="true"
and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
Additionally, i cretaed an adtional rule for normal users (Onlye read)
Resorce filter: App*
Actions: read
Condition:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup != "Admin"
) or ((resource.resourcetype = "App.Object" and resource.published ="true"
and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
Additional info:
1) The standar Stream Security Rule was disabled
2) I created a Custom Property for user and apps, with values "Admin"
3) The users that need update the published apps has the custom property "Admin"
4) One o the "Admin" user is the owner app
The problem is that all users can update the published apps
Hi,
I'll try to redo all this and see what's the problem here
I'd break out your selection criteria into logical parts. Example:
Before:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin" ) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
After:
((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))) and user.@UserGroup = "Admin"
Or you could just separate out the update functionality to a separate rule. Since rules are additive then it will add on to the previously configured permissions. That's generally easier than managing two different rules.
Why do you want the update right? To expose the DLE? Expose the data model?
Hi ltu
I create one Rule with the following attributes
Name: Stream Admin
Resorce filter: App*
Actions: read, update
Condition:
((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))) and user.@UserGroup = "Admin"
This rule worked fine for me, but i need an extra rule to the user thah does not have the custom property UserGroup = "Admin" the rule will be used for the "reader" user on published Apps. I tried with this
Name: Stream Reader
Resorce filter: App*
Actions: read
Condition:
((resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@UserGroup.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))
But not works, the users that not have custom property UserGroup = "Admin" can edit the Published App