topic Re: Restricting users from publishing app only to specific Data Connections in Connectivity & Data Prep

Restricting users from publishing app only to specific Data Connections

anirban_chakrab — Fri, 02 Apr 2021 08:22:28 GMT

Say, rootadmin creates a set of data Connections.

The users can create their own apps but can only publish the apps to the Data Connections created by rootadmin.

How to achieve that? Please advise.

Re: Restricting users from publishing app only to specific Data Connections

Joan_MARTY_P3 — Mon, 26 Nov 2018 12:43:29 GMT

Hum in term of governance model, I would more take this topic another way.

Rootadmin or equivalent profile should only be the one able to create data connections. You will then avoid to get big pollution on your platform.

Re: Restricting users from publishing app only to specific Data Connections

anirban_chakrab — Mon, 26 Nov 2018 13:04:49 GMT

Ideally yes. But cannot restrict users. Our query with examples below...

RootAdmin
       > Creates Data Connections to specific 'Application Schemas' in database. Connection name say, DConn_APP1, DConn_APP2

Each user
       > Creates Data Connections to their 'own schemas' in database and can create apps. Connection name say: DConn_BOB, DConn_JOHN
       > Creates apps using the Data Connections DConn_APP1, DConn_APP2 which are created by rootadmins
       > But, can only publish their Apps if their Apps are using connections DConn_APP1, DConn_APP2

Re: Restricting users from publishing app only to specific Data Connections

Joan_MARTY_P3 — Mon, 26 Nov 2018 13:14:55 GMT

The point is that you are not able through standard functionalities from QMC to set up security rule based on the free text from loading scripts.

The only capability I see to follow you objective would be to read the script from the application using APIs and then to have a boolean allowing or not publication of the app...

This seems to be a bit tricky to set up some kind of check list without dedicated feature development out of the platform.

Other solution would be to set up a check list priori being able to publish an application. It should be more a process constraint than a tool constraint. Delegation of the responsability to the end user willing to publish.

Then on platform admin side, having a bot running through your applications and scanning the scripts. I a script is not conform, application is removed (or place in quarantine) and end user informed.

In all case, there no simple way to scan used data connections in apps with simple security rules

Re: Restricting users from publishing app only to specific Data Connections

anirban_chakrab — Thu, 29 Nov 2018 07:04:28 GMT

Thanks for the advice.