topic Re: Sheet level security not working in Management & Governance

Sheet level security not working

roisolberg — Sat, 16 Nov 2024 04:35:39 GMT

Hi All,

I've created some security rules for the stream and apps successfully.

i have defined which users can see which streams and also which apps inside the stream.

now i am trying to create sheet level security so the user can only see one of the sheets.

I've tried to do so using a few different manuals such as:

https://community.qlik.com/t5/Qlik-Sense-Enterprise-Documents/Sheet-or-App-Object-Level-Security-Qlik-Sense/ta-p/1485114

https://community.qlik.com/t5/Qlik-Sense-Deployment-Management/Sheet-Level-Access-with-Custom-Property/m-p/1254755

and more..

The rule that i have defined is supposed to give access to the user 'Brain Paul' for only 1 sheet "R&D Projects" in 1 app.

The rule:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(user.name="Brian Paul" and resource.objectType="sheet" and resource.name="R&D Projects")

))

the rules seems fine and it has been validated and when i press preview this is what i get:

but when i enter the model with Brian's user i can see all of the sheets.

any ideas?

Thanks,

Roi

Re: Sheet level security not working

roisolberg — Wed, 25 Sep 2019 13:39:11 GMT

Solved.

i've added and (resource.objecttype!="sheet" ) to my custom stream rule,

then created a new custom property of UserFilter and created 2 new security rules for app*:

((resource.resourcetype="App.object" and resource.published="true") and resource.app.stream.hasprivilege("read") and resource.objecttype="sheet" ) and (resource.name="R&D Projects" ) and (user.@UserFilter="RnD")

((user.@UserFilter="None")) and resource.published ="true"

of course i gave the desired users the correct filter and now it works.

Re: Sheet level security not working

vegard_bakke — Fri, 27 Sep 2019 12:02:02 GMT

Hi Roisolberg,

Could you please post your Resource filer, Actions and full Conditions for you custom stream rule?

I'm trying to add the same condition to remove the sheet, but then my stream does not appear. So something is different, and I'd like to find out what. 🙂

Re: Sheet level security not working

roisolberg — Wed, 02 Oct 2019 15:00:27 GMT

Hi @vegard_bakke ,

First, i've created 3 custom properties:

Group (this will be used for stream level access)

ApplevelMgmt (this will be used for sheet level access)

UserFilter (this will be used for App level access)

then, i went to the security rules:

iv'e disabled the default stream rule,and set up a few new rules

1. create the rule that a group could see only the stream related to that group

2. this is replacing the default steam rule (After modification)

Condition - (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet" ))

3. this rule is used for filtering apps in streams

4. this rule is used for filtering sheets in apps

5. after rule number 4 i had a problem that every developer was seeing other developers app on the work stream so i made this last rule and it resolved the issue:

Of course i assigned to the stream, users and apps the correct attributes according to my plan and this worked out great for me.

hope it will be the same for you, Good luck!

Re: Sheet level security not working

alis2063 — Wed, 24 Jun 2020 16:00:45 GMT

what the difference between Point 1 & Point 2 then ?as both are replacing the by defalut Stream & Apps rule .

You mean to say that default rule take care of Stream & Apps level at single instance using single rule (default)??

Regards,

Ali

Re: Sheet level security not working

alis2063 — Wed, 24 Jun 2020 16:32:19 GMT

does RULE no 5 will affect the sheet level security??