topic Re: Stream Security Rule in Management & Governance

Stream Security Rule

Martin22 — Wed, 29 Jan 2025 16:38:32 GMT

Hi there,

I am trying to implement something on Qlik Sense to help users, but I haven't find a solution yet : the goal is to create a stream where users can edit apps almost the same way they could in their personal work spaces.

I know that they are supposed to do so in their personal work spaces, and that there will always be things you can't do in published apps, but the objective here is to create a stream allowing multiple users to work (and back-up each other) on the same apps : they must be able to directly create and edit sheets, without the need to get the sheets approved by an admin.

I have read multiple posts on the subject, but I didn't find an exact answer to what I need :

I succeeded in allowing users to edit the apps by creating a security rule with the App_Objects (and create, read, update, publish, delete selected), but as a result I can edit the apps everywhere, and I would like to restrict this to only one stream.

Adding conditions such as : (resource.resourcetype = "Stream" and resource.name = "StreamName") doesn't work.

Can you please tell me what I'm missing ?

Regards,

Martin.

Re: Stream Security Rule

rohitk1609 — Tue, 15 Mar 2022 13:50:28 GMT

You should create three rules

Stream, apps and app objects template and then try.

Update is the action you need for sure but please check Update won't enable any other object edit way.

You can try to use custom properties to simplyfy your rules

resource.resourcetype = "Stream" rule won't affect on HUB. You have to deal with Apps objects rule with stream name.

Regards,
Rohit

Re: Stream Security Rule

Sivapriya_d — Tue, 15 Mar 2022 14:46:15 GMT

you can try creating one rule for Stream and one for Appobjects.
Stream Security Rule
In the resource filter you can give Stream_<StreamID>
For Appobject rule , In condition you can mention something like
resource.App.stream.name = "StreamName"

Re: Stream Security Rule

Martin22 — Wed, 16 Mar 2022 09:01:15 GMT

Hi,

Thx for the replies, here is what I did :

-I created a first rule with Stream_Id as resource filter, Read Update and Publish as selected, and user.name=UserName as condition.

-I then created a second rule with App.Object_* as resource filter, Read Update and Publish as selected, and ((resource.App.stream.name="StreamName")) as condition.

I got what I wanted on the SharedWorkStream, my test user can create and edit sheets in the apps.

However, in the other streams, where users should only be able to read apps, the test user can't see the sheets in the apps anymore. The test user is also able to create and edit new sheets in these apps, where he shouldn't be able to.

I guess I'm still missing a part in my rules, do I need to create a new rule limiting to "read" for apps outside of the ShareWorkStream, or should I edit the two rules with something else ?

Regards,

Martin.

Re: Stream Security Rule

Sivapriya_d — Thu, 17 Mar 2022 15:44:54 GMT

Did you check the associated security rules for the other streams?

Re: Stream Security Rule

Martin22 — Thu, 17 Mar 2022 16:05:12 GMT

Yes, there is nothing special on the other stream : the default rules (OwnerPublishDuplicate, SecurityAdmin, ContentAdmin), and a "read" rule I put for my test user.

Regards,

Martin.

Re: Stream Security Rule

Martin22 — Mon, 21 Mar 2022 15:08:10 GMT

Hi,

It's finally working.

In the end, I had to create two rules :

-First rule with Stream_Id as resource filter, Read Update and Publish as selected, and user.role=AdminRole as condition (I switched name for role, to make it easier to manage users).

-I then created a second rule with both Stream_Id and App.Object_* as resource filters, Read Update and Publish as selected, and ((resource.App.stream.name="StreamName")) as condition.

The reason the test user couldn't see any sheets was because the security rule Stream had been disabled.

Regards,

Martin.