https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1522788#M37500 think you need some parens in the user.group part<BR />((user.group=resource.@Group or resource.@Group.empty()) and user.group !="ABCD") Thu, 20 Dec 2018 00:55:20 GMT dwforest 2018-12-20T00:55:20Z https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1520856#M37290 <P>Hi All,&nbsp;</P><P>I have a stream with 20 apps and around 15 user groups who can see all the apps in that stream. Now I need to add new usergroup who can only view 2 apps out of 10 apps.&nbsp;</P><P>I have gone through the video about "Qlik Sense Stream Management Security Rules and Exception Management" which points out one of the way to achieve app level access. However, in my case, it'll be to cumbersome as I need to tag each of 20 apps with 15 usergroups&nbsp; under custom property, which will be lot of maintenance in the future if we're to add more groups.&nbsp;</P><P>I tried the below security rules to restrict app level access, however my existing usergroup&nbsp;is not able to see any app in the stream with the modified rule.</P><P><STRONG>Original:</STRONG></P><P>(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or</P><P>&nbsp;((resource.resourcetype = "App.Object" and resource.published ="true")&nbsp;</P><P>&nbsp;and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet"))&nbsp;&nbsp;and</P><P>&nbsp;((<A href="mailto:user.group=resource.@Group" target="_blank">user.group=resource.@Group</A> or (<A href="mailto:resource.@Group.empty()))" target="_blank">resource.@Group.empty()))</A>)</P><P>&nbsp;</P><P><STRONG>Modified rule:</STRONG></P><P>(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or&nbsp;</P><P>((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet"))&nbsp;&nbsp;&nbsp; and&nbsp;</P><P>(<A href="mailto:user.group=resource.@Group" target="_blank">user.group=resource.@Group</A> or&nbsp;<A href="mailto:resource.@Group.empty()" target="_blank">resource.@Group.empty()</A> and user.group !="ABCD")&nbsp;&nbsp;or</P><P>&nbsp;(user.group = "ABCD" and (app.id = "b393a7ac-c590-4b6c-8c70-3f312d87a6f6"&nbsp; or app.id = "d453a7ac-c590-4b6c-8c65-32d421d87a6f6"))</P><P>&nbsp;</P><P>Appreciate any inputs on how to modify the above rule for app level access.&nbsp;</P><P>&nbsp;</P><P>Thanks,<BR />Rupini</P><P>&nbsp;</P> Sat, 16 Nov 2024 07:02:55 GMT https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1520856#M37290 Rupini 2024-11-16T07:02:55Z https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1522788#M37500 think you need some parens in the user.group part<BR />((user.group=resource.@Group or resource.@Group.empty()) and user.group !="ABCD") Thu, 20 Dec 2018 00:55:20 GMT https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1522788#M37500 dwforest 2018-12-20T00:55:20Z https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1698325#M53456 <P>This community Post shows how to do App, Sheet or Object-Level Security:</P><P><A href="https://community.qlik.com/t5/Qlik-Sense-Documents-Videos/Sheet-or-App-Object-Level-Security-Qlik-Sense/ta-p/1485114" target="_blank">https://community.qlik.com/t5/Qlik-Sense-Documents-Videos/Sheet-or-App-Object-Level-Security-Qlik-Sense/ta-p/1485114</A></P> Fri, 01 May 2020 15:01:03 GMT https://community.qlik.com/t5/App-Development/App-level-Access-in-Qlik-Sense-using-security-rules/m-p/1698325#M53456 ndenicola 2020-05-01T15:01:03Z