marcoyukon
Creator

User Access to only one app in a stream

I have a stream with an AD security group assigned Read rights to it. Now I have a distinct user that only needs access to one of the apps in that stream. I can't find a solution to what seems to be a basic security rule request. I tried to create a security rule to allow only access to the app, but if the user doesn't have access to the stream he can't see the app. If I grant the user access to the stream, then all apps in that stream would be visible, which is not the desired outcome. Any help would be appreciated. Marco

6 Replies
agigliotti
Partner - Champion

You should create a security rule for Apps with the read action; see the conditions below:

((resource.name="your_app_name") and (user.@Department="IT" or user.@Department="ALL"))

where @Department is a custom property.

marcoyukon
Creator
Author

I tried that also, but it still did not work.

rachel_delany
Creator II

You need to utilise custom properties.

This video https://www.youtube.com/watch?v=feSaaJZ7Jco gives a great overview of how to implement.

GeorgeAposto
Partner - Contributor

Firstly, you have to make a rule to give the user access to the stream.

Secondly, you will make a 2nd rule (App* and AppObject) and write the following in the rule code:

((user.name="[you write here your username]" and resource.id!="[you write here all the app ids which you don't want to be seen]" and resource.id!="[you write here all the app ids which you don't want to be seen]"))

vasilev
Contributor III

Hi George,

I have implemented both rules (see images) as you described, but the restricted user still has access to all the apps in the stream. Can you please tell me what I am doing wrong?

2021-02-01_14-50-37_%pn.png

2021-02-01_14-50-51_%pn.png

 

BR,

Rumen

DesarrolloTakyon
Contributor

Check if in the Security Rules Section you have this default Rule:

DesarrolloTakyon_2-1642764367729.png

DesarrolloTakyon_1-1642764340908.png

If you read the Security Rule's Description, you'll find that it grants access to every app in the Stream that user has access to.

The tricky thing is, if you have two security rules regarding the same content, one that grants the access and one that denies it, the resulting scenario is that access is granted. In other words, the more permissive rule is the one that "wins". It is not the most intuitive panorama actually.

Try finding this particular rule I show you here, and disable it (NEVER delete a "Default" Owned Security Rule). I think if you do, then the only security rule regarding access to apps is the one you defined.

If you disable it, you have to re-define the access to every app for every single user, which is a bit of a pain in the neck. But, at least I hope this is useful as an example of how security rules work.
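
A simplified model of the additive rule evaluation described in the last reply, added here as an illustration and not written by anyone in the thread. It is Python rather than Qlik rule syntax, and the user name, app ids and the shape of the default stream rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class App:
    id: str
    stream: str

@dataclass(frozen=True)
class Rule:
    name: str
    grants: Callable  # (user, app, readable_streams) -> bool
    enabled: bool = True

def visible_apps(user, apps, rules, readable_streams):
    """Additive evaluation: an app is visible if ANY enabled rule grants it.
    A rule can only grant; a false condition never removes another rule's grant."""
    return sorted(a.id for a in apps
                  if any(r.enabled and r.grants(user, a, readable_streams) for r in rules))

# Constructed sample data (hypothetical names, not taken from the thread).
USER = "restricted_user"
APPS = [App("app-a", "Finance"), App("app-b", "Finance"), App("app-c", "Finance")]
READABLE = {"Finance"}  # the first rule in the thread: the user may read the stream

# Assumed shape of the default rule: every app in a readable stream is granted.
def stream_default(enabled):
    return Rule("Stream (default)", lambda u, a, s: a.stream in s, enabled)

# The "exclude by id" rule from the thread: user.name = X and resource.id != ...
exclude_rule = Rule("exclude b and c",
                    lambda u, a, s: u == USER and a.id != "app-b" and a.id != "app-c")

def evaluate(default_enabled, custom_rule=exclude_rule):
    rules = [stream_default(default_enabled), custom_rule]
    return visible_apps(USER, APPS, rules, READABLE)

if __name__ == "__main__":
    print("default rule enabled :", evaluate(True))
    print("default rule disabled:", evaluate(False))
```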