https://community.qlik.com/t5/Management-Governance/QS-Security-by-application-user-automated/m-p/2046594#M29569 <P>Hi,&nbsp;</P> <P>Currently we are managing QS security at Stream level. We are loading an Excel file containing User/Stream relationship via User directory connectors. If we create a new Stream we only have to associate the user with the Excel loaded users and the value with the loaded Stream values:&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DireStraits_0-1678259809484.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/102242i0778B56380F748A4/image-size/medium?v=v2&amp;px=400" role="button" title="DireStraits_0-1678259809484.png" alt="DireStraits_0-1678259809484.png" /></span></P> <P>&nbsp;</P> <P>This works perfectly since it allows us to manage Stream/User security in an easy way. Now I'm trying to add security at application level while mantaining the same level of automation. The idea is to create a new file containing User/Application relationship and load this in an automated way. I want to avoid managing users in the qmc..&nbsp;</P> <P>&nbsp;</P> <P>Anyone knows if this is possible?</P> <P>Thanks.</P> Wed, 08 Mar 2023 07:25:15 GMT DireStraits 2023-03-08T07:25:15Z https://community.qlik.com/t5/Management-Governance/QS-Security-by-application-user-automated/m-p/2046594#M29569 <P>Hi,&nbsp;</P> <P>Currently we are managing QS security at Stream level. We are loading an Excel file containing User/Stream relationship via User directory connectors. If we create a new Stream we only have to associate the user with the Excel loaded users and the value with the loaded Stream values:&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DireStraits_0-1678259809484.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/102242i0778B56380F748A4/image-size/medium?v=v2&amp;px=400" role="button" title="DireStraits_0-1678259809484.png" alt="DireStraits_0-1678259809484.png" /></span></P> <P>&nbsp;</P> <P>This works perfectly since it allows us to manage Stream/User security in an easy way. Now I'm trying to add security at application level while mantaining the same level of automation. The idea is to create a new file containing User/Application relationship and load this in an automated way. I want to avoid managing users in the qmc..&nbsp;</P> <P>&nbsp;</P> <P>Anyone knows if this is possible?</P> <P>Thanks.</P> Wed, 08 Mar 2023 07:25:15 GMT https://community.qlik.com/t5/Management-Governance/QS-Security-by-application-user-automated/m-p/2046594#M29569 DireStraits 2023-03-08T07:25:15Z https://community.qlik.com/t5/Management-Governance/QS-Security-by-application-user-automated/m-p/2047679#M29570 <P>Hello&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/174317">@DireStraits</a>&nbsp;</P> <P>Yes, it is possible. I did it using Custom Properties and AD groups.&nbsp;</P> <P>Create a custom property like "AppLevelSecurity" and a<SPAN>dd the AD group names as values&nbsp;</SPAN><SPAN>in the custom property.</SPAN></P> <P>Replace default "Stream" security rule with the following condition:</P> <P><EM>(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")&nbsp;and (resource.@AppLevelSecurity.empty() or resource.@AppLevelSecurity = user.group)) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))</EM></P> <P>And then create a rule binding it to ad group, see the conditions below:</P> <P><EM>((user.group=resource.@AppLevelSecurity ))</EM></P> <P>Please let me know if this is helpful.</P> <P>BR,</P> <P>Eduardo Monteiro</P> Fri, 10 Mar 2023 02:39:14 GMT https://community.qlik.com/t5/Management-Governance/QS-Security-by-application-user-automated/m-p/2047679#M29570 Eduardo_Monteiro 2023-03-10T02:39:14Z