https://community.qlik.com/t5/Management-Governance/Security-Rules-setup-for-User-Admin/m-p/2072148#M29649 <P>Hi all,</P> <P>I am create a User Admin to manage stream access, user roles/custom properties and license allocation. He should only have QMC access but not be able to see any streams/apps in the hub.</P> <P>To segregate stream allocation I have create a custom property that group the users. Dashboards are allocated to this group. The idea is to simplify stream allocation. When a new user on boards, the User Admin will only need to allocate this custom property and he will have access to the streams allocated to his group.</P> <P>&nbsp;However, I found a loop hole where the user admin can just allocate himself a group and will be able to see the streams in the hub.</P> <P>Anyone has any thoughts on how I can prevent this? Is this the best way to design a user admin?</P> <P>Was thinking of a few methods but am not sure how to execute them:</P> <P>1. Restrict user admin access to users by their user directory</P> <P>2. Create rules to hard stop user admins from accessing hub</P> <P>&nbsp;</P> <P>Current rules for my User Admin:</P> <P>QmcSection_Stream, SystemRule*,Stream_*,User_*, QmcSection_User,QmcSection_License,License*</P> <P>Read, Update, Delete</P> Wed, 29 Jan 2025 16:09:22 GMT Poh 2025-01-29T16:09:22Z https://community.qlik.com/t5/Management-Governance/Security-Rules-setup-for-User-Admin/m-p/2072148#M29649 <P>Hi all,</P> <P>I am create a User Admin to manage stream access, user roles/custom properties and license allocation. He should only have QMC access but not be able to see any streams/apps in the hub.</P> <P>To segregate stream allocation I have create a custom property that group the users. Dashboards are allocated to this group. The idea is to simplify stream allocation. When a new user on boards, the User Admin will only need to allocate this custom property and he will have access to the streams allocated to his group.</P> <P>&nbsp;However, I found a loop hole where the user admin can just allocate himself a group and will be able to see the streams in the hub.</P> <P>Anyone has any thoughts on how I can prevent this? Is this the best way to design a user admin?</P> <P>Was thinking of a few methods but am not sure how to execute them:</P> <P>1. Restrict user admin access to users by their user directory</P> <P>2. Create rules to hard stop user admins from accessing hub</P> <P>&nbsp;</P> <P>Current rules for my User Admin:</P> <P>QmcSection_Stream, SystemRule*,Stream_*,User_*, QmcSection_User,QmcSection_License,License*</P> <P>Read, Update, Delete</P> Wed, 29 Jan 2025 16:09:22 GMT https://community.qlik.com/t5/Management-Governance/Security-Rules-setup-for-User-Admin/m-p/2072148#M29649 Poh 2025-01-29T16:09:22Z