https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/138982#M2201 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I created a new customised content admin role to segregate content admin users to manage their own resources. I need the custom content admin to be able to create new stream and manage the security access rule for the stream he/she created/owned. However the custom content admin is still able to edit the security rule for read-only streams although other sections within the stream remained as read-only. Has anyone done this before? Appreciate advise from the experts out there. </P><P></P><P>Here are the security rules i have created:</P><P></P><P><STRONG>CustomContentAdmin</STRONG></P><P></P><P><STRONG>Resource filter -</STRONG> Stream_*,App*,ReloadTask_*,UserSyncTask_*,SchemaEvent_*,User*,CustomProperty*,Tag_*,DataConnection_*,CompositeEvent_*,Extension_*,ContentLibrary_*,FileExtension_*,FileExtensionWhiteList_*</P><P><STRONG>Actions -</STRONG> Create, Read, Update, Delete, Export, Publish, Duplicate, Approve</P><P></P><P><STRONG>Conditions:</STRONG></P><P>((user.roles="CustomContentAdmin" and resource.app.@UserGroup=user.@UserGroup or resource.@UserGroup=user.@UserGroup))</P><P></P><P><STRONG>CustomContentAdminStream&nbsp; </STRONG>(Note: If I dont add this rule the custom admin will not be able to create new stream and only able to see and manage the stream he/she owned)</P><P></P><P><STRONG>Resource filter</STRONG> - Stream*</P><P><STRONG>Actions</STRONG> - Create, Read, Publish, Change owner</P><P><STRONG>Conditions</STRONG></P><P>((user.roles="CustomContentAdmin"))</P><P></P><P><STRONG>CustomContentAdminRuleAccess</STRONG></P><P></P><P><STRONG>Resource filter</STRONG> - SystemRule_*</P><P><STRONG>Actions</STRONG> - Create, Read, Update</P><P><STRONG>Conditions</STRONG></P><P>user.roles = "CustomContentAdmin"</P><P>and resource.category = "Security" and (resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}")</P><P></P><P>Thank you.</P></BODY></HTML> Fri, 26 Oct 2018 06:54:36 GMT wailengwoo 2018-10-26T06:54:36Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/138982#M2201 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I created a new customised content admin role to segregate content admin users to manage their own resources. I need the custom content admin to be able to create new stream and manage the security access rule for the stream he/she created/owned. However the custom content admin is still able to edit the security rule for read-only streams although other sections within the stream remained as read-only. Has anyone done this before? Appreciate advise from the experts out there. </P><P></P><P>Here are the security rules i have created:</P><P></P><P><STRONG>CustomContentAdmin</STRONG></P><P></P><P><STRONG>Resource filter -</STRONG> Stream_*,App*,ReloadTask_*,UserSyncTask_*,SchemaEvent_*,User*,CustomProperty*,Tag_*,DataConnection_*,CompositeEvent_*,Extension_*,ContentLibrary_*,FileExtension_*,FileExtensionWhiteList_*</P><P><STRONG>Actions -</STRONG> Create, Read, Update, Delete, Export, Publish, Duplicate, Approve</P><P></P><P><STRONG>Conditions:</STRONG></P><P>((user.roles="CustomContentAdmin" and resource.app.@UserGroup=user.@UserGroup or resource.@UserGroup=user.@UserGroup))</P><P></P><P><STRONG>CustomContentAdminStream&nbsp; </STRONG>(Note: If I dont add this rule the custom admin will not be able to create new stream and only able to see and manage the stream he/she owned)</P><P></P><P><STRONG>Resource filter</STRONG> - Stream*</P><P><STRONG>Actions</STRONG> - Create, Read, Publish, Change owner</P><P><STRONG>Conditions</STRONG></P><P>((user.roles="CustomContentAdmin"))</P><P></P><P><STRONG>CustomContentAdminRuleAccess</STRONG></P><P></P><P><STRONG>Resource filter</STRONG> - SystemRule_*</P><P><STRONG>Actions</STRONG> - Create, Read, Update</P><P><STRONG>Conditions</STRONG></P><P>user.roles = "CustomContentAdmin"</P><P>and resource.category = "Security" and (resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}")</P><P></P><P>Thank you.</P></BODY></HTML> Fri, 26 Oct 2018 06:54:36 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/138982#M2201 wailengwoo 2018-10-26T06:54:36Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/138983#M2202 <HTML><HEAD></HEAD><BODY><P>Resolved the issue by adding the following condition in bold in the rule</P><P></P><P><SPAN style="display: inline !important; float: none; background-color: transparent; color: #3d3d3d; font-family: 'Helvetica Neue',Helvetica,Arial,'Lucida Grande',sans-serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: bold; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">Rule name: CustomContentAdminStream</SPAN></P><P style="color: #3d3d3d; font-family: &amp;font-size:13px; font-style: normal; font-weight: 400; text-align: left; text-indent: 0px; border-color: #3d3d3d; border-style: none;"><STRONG style="font-family: &amp;font-size:13px; font-style: normal; font-weight: bold; border-color: #3d3d3d; border-style: none;">Resource filter</STRONG> - Stream*</P><P style="color: #3d3d3d; font-family: &amp;font-size:13px; font-style: normal; font-weight: 400; text-align: left; text-indent: 0px; border-color: #3d3d3d; border-style: none;"><STRONG style="font-family: &amp;font-size:13px; font-style: normal; font-weight: bold; border-color: #3d3d3d; border-style: none;">Actions</STRONG> - Create, Read, Publish, Change owner</P><P style="color: #3d3d3d; font-family: &amp;font-size:13px; font-style: normal; font-weight: 400; text-align: left; text-indent: 0px; border-color: #3d3d3d; border-style: none;"><STRONG style="font-family: &amp;font-size:13px; font-style: normal; font-weight: bold; border-color: #3d3d3d; border-style: none;">Conditions</STRONG></P><P style="color: #3d3d3d; font-family: &amp;font-size:13px; font-style: normal; font-weight: 400; text-align: left; text-indent: 0px; border-color: #3d3d3d; border-style: none;">((user.roles="CustomContentAdmin" <STRONG>and resource.owner.name=user.name))</STRONG></P></BODY></HTML> Tue, 30 Oct 2018 04:05:35 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/138983#M2202 wailengwoo 2018-10-30T04:05:35Z https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/1807621#M19432 <P>I have the same issue.</P><P>But i can't restrict access Custom user role to&nbsp;<SPAN>manage the security access rule for the stream he/she created/owned.</SPAN></P><P>Rule allow access to&nbsp; all Streams security rules or no one.</P><P>For example</P><P><STRONG>Stream_TORulesAccess</STRONG></P><P><STRONG>Resource filter</STRONG><SPAN>&nbsp;</SPAN>- SystemRule_*, Stream_*</P><P><STRONG>Actions</STRONG><SPAN>&nbsp;</SPAN>- Create, Read, Update,Delete</P><P><STRONG>Conditions</STRONG></P><P>&nbsp;(user.roles = "Stream_TO"&nbsp;<BR />and (resource.category = "Security" and resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"))</P><P>&nbsp;</P><P>its allow to create and edit secity rules for all streams</P><P><STRONG>Stream_TORulesAccess</STRONG></P><P><STRONG>Resource filter</STRONG><SPAN>&nbsp;</SPAN>- SystemRule_*, Stream_*</P><P><STRONG>Actions</STRONG><SPAN>&nbsp;</SPAN>- Create, Read, Update,Delete</P><P><STRONG>Conditions</STRONG></P><P>&nbsp;(user.roles = "Stream_TO"&nbsp;<STRONG>&nbsp;and resource.owner.userId=user.userId&nbsp;</STRONG><BR />and (resource.category = "Security" and resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"))</P><P>&nbsp;</P><P>it's rule not works.&nbsp;</P><P>Early thanks for any advice</P> Thu, 13 May 2021 10:33:53 GMT https://community.qlik.com/t5/Management-Governance/Security-rule-to-manage-stream-access-rule/m-p/1807621#M19432 korsikov 2021-05-13T10:33:53Z