topic Yet another sheet access protection in App Development

Yet another sheet access protection

patricesalem — Sat, 15 Feb 2020 00:29:01 GMT

Hello

I've been working hours to try to hide a sheet from an app containing a Vizlib extension (as all users don't have access to it.

I've been reading Qlik article and also @rohitk1609 posts and white paper.

I have also gone through a very good video explaning also how to create a new stream and use custom properties.

Nevertheless, I want to keep working off my everyone stream in which I have 3 apps : Target, Volumes and test.

In test (duplicate of volumes), I have 12 sheets and one of them is called VIZLIB and I would like to give access to this sheet only to 10 users.

I'm the owner of Volumes and test. I'm not the owner of Targets. Users are managed through AD.

I have disabled the original Stream:

(if I disable StreamEveryone then the everyone stream disappears - conditions = !user.IsAnonymous())

I have then created a new security rule and tried to hide test to myself (before trying to hide the sheet VIZLIB in it).

The condition is :

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and RESOURCE.NAME = "test")) and
(user.Name = "My Name") and resource.app.stream.HasPrivilege("read")))

The only result of disabling the initial stream is that Targets don't appear anymore (I'm not the owner of it).

Both Volumes and test are still there maybe because I'm the owner. I tried to deactivate the owner rule - impossible.

Any help would be greatly appreciated

thanks

Re: Yet another sheet access protection

rohitk1609 — Sat, 15 Feb 2020 04:12:32 GMT

Hi,

StreamEveryone security rule seems like a fix to resource level security concept which depends on disabling Stream rule.

Earlier when you disable Stream default rule it was affecting Everyone stream too.

Now come to the hiding sheet:

You are right when you say you Both Volumes and test are still there maybe because I'm the owner.

Best way to test security rules is , test with another user rather than your own.

you should write three level of rules, stream level, then app level at last apps object level and in app objects, you should write lets say user =Rohit and sheet!=Sheet1 rather than user =Rohit and sheet=Sheet2. Please avoid the syntax , it is just to explain the approach.

Please refer my doc how I created these rules.

Thanks,

Rohit

Re: Yet another sheet access protection

patricesalem — Sat, 15 Feb 2020 08:22:33 GMT

Thanks for the head up Rohit - I will try with a user login...

Nevertheless, I don't understand why I don't see the Target app after having creating new stream and stream app rules.

Do you have a tip to give me ?

thanks