topic Re: Custom Security Rule for a data connection in App Development

Custom Security Rule for a data connection

ali_hijazi — Thu, 08 Dec 2022 15:14:02 GMT

Hello; I'm working on Qlik Sense
we have several data connections defined
also there are several security rules defined on data connections (general security rules i.e. not specific to a data connection) and these security rules have DataConnection_* as resource filter.

so now if I create a new data connection, these general security rules will be automatically applied to it

now for this new data connection I don't want these security rules above to be applied on it; and I want to create a new associated rule
I tried to delete one of the general security rules above inside the properties of the data connection , but this will delete it from security rules, not from the data connection itself

is there a way to disable security rules on a specific data connection and make only the associated one applied?

Kindly advise

Re: Custom Security Rule for a data connection

rubenmarin — Thu, 08 Dec 2022 17:32:08 GMT

Hi, to your general question: No, if any rule gives the permission, the permission is granted, you can't add rules to deny permission, only to give, and if a rule is applied to DataConnection_* it will applied to all connections.

You can edit the current rules to add a condition like and !(Resource.Name="DataConnectionName") so the rule returns false on that new data connection.

If it's not something very special I would advide to use custom properties to comfigre rules so you can use a condition like !(Resource.@CustomProperty="PropertyValue"), so if there more than one data connection with this behaviour it will be applied to all the data connection with this custom property value.

Re: Custom Security Rule for a data connection

ali_hijazi — Fri, 09 Dec 2022 07:24:06 GMT

Hi @rubenmarin
thank you for your prompt reply
ok I'm creating a custom property named CanConsume with Values = Yes, No which I give it to users
so this data connection will be visible to users in the Hub if the user has the CanConsume = Yes (I'm giving example)
so the security rule (associated rule) will have as condition user.@CanConsume = "yes" and Action is READ

so the above security rules (DataConnection_*) will grant access but the associated rule at the end will break this rule and give access only to users with CanConsume = "yes"
Am I right?

Re: Custom Security Rule for a data connection

rubenmarin — Fri, 09 Dec 2022 07:37:23 GMT

Hi @ali_hijazi, no, as said above "if any rule gives the permission, the permission is granted", you need to edit or disable the previous rules to prevent them to give permissions you don't want to give.

Or don't create another rule, just add and user.@CanConsume = "yes" to the other rules to set this condition in all rules.

Re: Custom Security Rule for a data connection

ali_hijazi — Fri, 09 Dec 2022 12:18:41 GMT

so what is requested from me is not doable
I cannot treat a data connection separately; it has to follow rules defined before
your suggestion is not feasible; I cannot disable previous rules nor can I add the CanConsume property to previous rules; because only this new data connection needs to be treated separately so that only a group of users can read it