Skip to main content
Announcements
Qlik Community Office Hours, March 20th. Former Talend Community users, ask your questions live. SIGN UP
cancel
Showing results for 
Search instead for 
Did you mean: 
korsikov
Partner - Specialist III
Partner - Specialist III

How to remove the possibility for anonymous users to see objects in the applications created by the community.

interesting task. It is essential that anonymous users can not see the sheets, history, created and published by authorized users.

In QMC section 'appobjects' it's object maked as Approved ='not approved' and Published='published'

Help me find a rule allowing all users who have permission to read the application to see objects published by other users.

1 Solution

Accepted Solutions
korsikov
Partner - Specialist III
Partner - Specialist III
Author

Yippee!

I did it!

All the same, my idea was correct

My security rule "Stream"

Resorce filter  App*

condition

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true")  and resource.app.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

Context Both

Action Read

View solution in original post

12 Replies
Not applicable

Alexander,

Review the following rules:

CreateAppObjectsPublishedApp

Basically this rule allows users who have read privileges on an app can create sheets, stories, bookmarks, and snapshots as long as the user is NOT anonymous.  This is a default rule in Qlik Sense.


CreateApp

This rule allows all users NOT anonymous to create App resources.


OwnerPublishAppObject

Allows owners of their content to publish it.


There are some others but these are the main ones.


I should add that to remove anonymous from being able to read published resources you should be able to alter createAppObjectsPublishedApp rule by adding Read action as well as already selected Create.


jg

korsikov
Partner - Specialist III
Partner - Specialist III
Author

Thanks for the answer.

You can specify how do I change a rule  CreateAppObjectsPublishedApp that would  anonymous user could not see the object issued to authorized users in a published application

Not applicable

I believe you only need to check Read to the rule.  Try it and see what happens when you log in as anonymous.  It's easy to change back if it doesn't work.

2015-08-12 10_28_23-Security rule edit - QMC.png

korsikov
Partner - Specialist III
Partner - Specialist III
Author

What about the rule of "Stream"

I think that it is the rule allows anonymous users to read the applications and objects in these applications in the stream of "Everyone"

the essence of this rule - Allow to create these objects in the applications to authorized users. I do not understand what effect will the installation steps "read"

korsikov
Partner - Specialist III
Partner - Specialist III
Author

I tried to change the rule as you suggested. Did not help. anonymous users access sheet created by an authorized user.

korsikov
Partner - Specialist III
Partner - Specialist III
Author

have idea

change Stream rule

from it

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

to this

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true") or (resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

something like that.

Not applicable

So let's back up.  Is this a change you want to make to only the Everyone stream or to any stream?  What you are putting is what I feel is a lot of extra stuff.  Let me play around and see what I can find.

jg

Not applicable

So Alexander I think I have something that may work.

I made the Stream Security Rule which is an App resource filter rule, a little different.  What I added is bold.

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

Try this and let me know how it goes.

jg

korsikov
Partner - Specialist III
Partner - Specialist III
Author

For stream everyone. 

I have not tested my proposed security rule. not sure that the syntax is correct. I wanted to express the idea, and I think you understand it