topic Re: Restrict access in applications management level in Management & Governance

Restrict access in applications management level

LanCao — Tue, 27 Aug 2019 10:05:02 GMT

Hello there,

I followed the video link https://www.youtube.com/watch?v=feSaaJZ7Jco and met with a problem.

In QMC for each stream, we have already applied specific rules like certain user with a name like 'ABC' can access this stream. And then I have set up Security Rules according to the Video (screenshot below). The problem right now is that Users who should have access to the stream but don't have Customer Property 'AppLevelMgmt' can not see any APPs now. Even before I set any App with the 'AppLevelMgmt' property.

(The only difference I have with the video is that I didn't set up the "@Group" Security Rule since it is already set differently in every stream)

Could anyone please help find the problem I have? Thanks in advance.

Lan

Re: Restrict access in applications management level

LanCao — Fri, 30 Aug 2019 13:38:07 GMT

I have checked several posts with similar questions. But couldn't yet find a solution for my case. Looking forward to someone's help. 🙂

Re: Restrict access in applications management level

sasikumar — Fri, 06 Sep 2019 07:04:58 GMT

hi @LanCao,

following steps to hide app from stream using Custom property

step 1 : Create Custom Property

step 2 : Disable the Security rule, named as “Stream”

Step 3 : Creating security Rules to Hide app from stream

Rule 1:

Custom template : App access

Name: Custom-Stream Rule

Description: Allow users to see/read resources if they have read access to the stream it is published to.

Actions: Read

Resource filter: Edit the Resource filter App_* as App*

Context: Both in hub and QMC

Conditions:

(

resource.resourcetype = "App"

and resource.stream.HasPrivilege("read")

and resource.@AppLevelRestrict.empty()

)

(

resource.resourcetype = "App.Object"

and resource.published = "true"

and resource.objectType != "app_appscript"

)

and resource.app.stream.HasPrivilege("read")

)

Rule 2 : Custom template : App access

Name: Custom-Apps Exception Rule

Description: Allow users to see apps with exception properties if they also have the same exception properties at the user level.

Actions: Read

Resource filter: Edit the Resource filter App_* as App*

Conditions:

resource.stream.hasprivilege("read") and ((user.@AppLevelRestrict=resource.@AppLevelRestrict))

Context: Both in hub and QMC

Assign AppLevelRestrict custom property to Apps
Assign AppLevelRestrict custom property to Users

this is works for me

does it works for u?

Thanks,

Sasikumar

To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Re: Restrict access in applications management level

LanCao — Fri, 06 Sep 2019 11:33:12 GMT

Hello @sasikumar ,

Thanks a lot for your kind feedback.

I notice that if comparing to your method, I have missed one condition: ( and resource.objectType != "app_appscript") in the Security_Rule. I can only test this out next week, will then write here my results.

Best,

Lan