Security rule for app copies only

SRL_QSA — Fri, 12 May 2023 15:19:21 GMT

Hi,

I've reviewed content on security rules in Qlik Help online, and multiple posts in Qlik Community on using security rules. We can target the load script and data model for all apps using:

Resource filter: App.Object_*
Resource conditions: resource.objectType="app_appscript" and resource.objectType="loadmodel"

I would like a way to use a security rule to address the specific requirements listed below.

The situation: we have developers who would like to maintain control over their load scripts after their apps are published.

The desired outcome:

- Developer A creates App A and publishes it. Developer A works with sensitive information and has an identified NEED to keep data sources confidential in App A - but not necessarily in other apps they develop (Apps C, D, E, etc.).

- Developer B makes a copy of App A (we will call the copy App B). App B now resides in Developer B's work space.

- Developer B can see/edit all sheets and charts in App B, can add/edit new charts and sheets, etc., but CANNOT see or edit the load script or the data model.

- Developer B can copy Apps C, D, etc. and can see/edit all sheets, charts, load script, data model, etc. in their own copies of those apps.

Approaches we've tried:

1. Can we set up a security rule using a new custom property? Then Developer A could apply that custom property to App A. This doesn't work because custom properties do not carry over from App A (the original) to App B (the copy).

2. Can we set up a security rule using a tag? This doesn't work, either, because tags also do not carry over from the original app to any copies.

Possible approaches:

1. Can we create a security rule that uses a keyword in a load script to accomplish the desired outcome above?

2. Can we create a security rule that uses the presence/absence of a string of zeroes in the Target App ID to apply the restriction only to app copies?

3. Something else?

I appreciate your taking the time to read this any any suggestions on how to accomplish the desired outcome.

For reference, here are some of the posts I've researched so far:

https://community.qlik.com/t5/Official-Support-Articles/Security-Rule-Example-Allow-access-to-Data-Load-Editor-on-an-app/ta-p/1716897

https://community.qlik.com/t5/Official-Support-Articles/Security-Rule-Example-How-to-show-data-model-viewer-for/ta-p/1715232

https://help.qlik.com/en-US/sense-admin/February2023/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/available-resource-filters.htm

https://help.qlik.com/en-US/sense-admin/February2023/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/QSEoW/Administer_QSEoW/Managing_QSEoW/available-resource-conditions.htm

topic Security rule for app copies only in Management & Governance

Security rule for app copies only