topic Security Rule Addition #1 in Management & Governance https://community.qlik.com/t5/Management-Governance/Security-Rule-Addition-1/m-p/1112036#M31158 <HTML><HEAD></HEAD><BODY><P>Here is an addition/change to the security rules that you may (or may not) want, depending on your needs:</P><P></P><P>Scenario:&nbsp; under the proposed custom rules in the GSS package, your RootAdmin roles will be able to see all streams and apps in the hub, which are published.&nbsp;&nbsp; In addition, they can see all unpublished apps in their own My Work stream.&nbsp;&nbsp; This can be overwhelming to see everybody's in-progress apps, but I find it useful for oversight and monitoring.&nbsp;&nbsp;&nbsp; IF YOU DON'T WANT THIS capability, then consider the changes below:</P><P></P><P>1) in the custom security rule called "_abc - Root Admin Group Rule", uncheck the <STRONG>Export data</STRONG> checkbox, and then change the <STRONG>Context</STRONG> to <STRONG>Only in QMC.</STRONG>&nbsp;&nbsp;&nbsp; This will remove all of the unpublished apps from being seen in the RootAdmin's My Work stream (they will still see their own unpublished apps, just not others').&nbsp; </P><P></P><P>2) Since this will also remove their built in ability to see all streams, you will want to add a @QlikGroup custom property value of "Admin" or something similar to each stream in your QMC.&nbsp;&nbsp; Then add the group "Admin" to any RootAdmins in your security catalog.&nbsp;&nbsp; What this does is allow the group access rule (_abc - Group Access Rule) to give read access to all streams for the RootAdmins.&nbsp; </P><P></P><P>See screenshot below.&nbsp;&nbsp; I used the @QlikGroup value of "IT" on all of my streams and then added the security group "IT" to all of my Admins, so they could see all streams.&nbsp;&nbsp; </P><P></P><P>Brad Peterman, QLIK</P></BODY></HTML> Wed, 29 Jan 2025 17:06:43 GMT Brad_Peterman 2025-01-29T17:06:43Z Security Rule Addition #1 https://community.qlik.com/t5/Management-Governance/Security-Rule-Addition-1/m-p/1112036#M31158 <HTML><HEAD></HEAD><BODY><P>Here is an addition/change to the security rules that you may (or may not) want, depending on your needs:</P><P></P><P>Scenario:&nbsp; under the proposed custom rules in the GSS package, your RootAdmin roles will be able to see all streams and apps in the hub, which are published.&nbsp;&nbsp; In addition, they can see all unpublished apps in their own My Work stream.&nbsp;&nbsp; This can be overwhelming to see everybody's in-progress apps, but I find it useful for oversight and monitoring.&nbsp;&nbsp;&nbsp; IF YOU DON'T WANT THIS capability, then consider the changes below:</P><P></P><P>1) in the custom security rule called "_abc - Root Admin Group Rule", uncheck the <STRONG>Export data</STRONG> checkbox, and then change the <STRONG>Context</STRONG> to <STRONG>Only in QMC.</STRONG>&nbsp;&nbsp;&nbsp; This will remove all of the unpublished apps from being seen in the RootAdmin's My Work stream (they will still see their own unpublished apps, just not others').&nbsp; </P><P></P><P>2) Since this will also remove their built in ability to see all streams, you will want to add a @QlikGroup custom property value of "Admin" or something similar to each stream in your QMC.&nbsp;&nbsp; Then add the group "Admin" to any RootAdmins in your security catalog.&nbsp;&nbsp; What this does is allow the group access rule (_abc - Group Access Rule) to give read access to all streams for the RootAdmins.&nbsp; </P><P></P><P>See screenshot below.&nbsp;&nbsp; I used the @QlikGroup value of "IT" on all of my streams and then added the security group "IT" to all of my Admins, so they could see all streams.&nbsp;&nbsp; </P><P></P><P>Brad Peterman, QLIK</P></BODY></HTML> Wed, 29 Jan 2025 17:06:43 GMT https://community.qlik.com/t5/Management-Governance/Security-Rule-Addition-1/m-p/1112036#M31158 Brad_Peterman 2025-01-29T17:06:43Z