topic Re: How to remove the possibility for anonymous users to see objects in the applications created by the community. in Management & Governance

How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 08:40:44 GMT

interesting task. It is essential that anonymous users can not see the sheets, history, created and published by authorized users.

In QMC section 'appobjects' it's object maked as Approved ='not approved' and Published='published'

Help me find a rule allowing all users who have permission to read the application to see objects published by other users.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Wed, 12 Aug 2015 14:04:14 GMT

Alexander,

Review the following rules:

CreateAppObjectsPublishedApp

Basically this rule allows users who have read privileges on an app can create sheets, stories, bookmarks, and snapshots as long as the user is NOT anonymous. This is a default rule in Qlik Sense.

CreateApp

This rule allows all users NOT anonymous to create App resources.

OwnerPublishAppObject

Allows owners of their content to publish it.

There are some others but these are the main ones.

I should add that to remove anonymous from being able to read published resources you should be able to alter createAppObjectsPublishedApp rule by adding Read action as well as already selected Create.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 14:26:24 GMT

Thanks for the answer.

You can specify how do I change a rule CreateAppObjectsPublishedApp that would anonymous user could not see the object issued to authorized users in a published application

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Wed, 12 Aug 2015 14:30:08 GMT

I believe you only need to check Read to the rule. Try it and see what happens when you log in as anonymous. It's easy to change back if it doesn't work.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 14:40:01 GMT

What about the rule of "Stream"

I think that it is the rule allows anonymous users to read the applications and objects in these applications in the stream of "Everyone"

the essence of this rule - Allow to create these objects in the applications to authorized users. I do not understand what effect will the installation steps "read"

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 14:45:46 GMT

I tried to change the rule as you suggested. Did not help. anonymous users access sheet created by an authorized user.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 15:00:47 GMT

have idea

change Stream rule

from it

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

to this

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true") or (resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and !user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

something like that.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Wed, 12 Aug 2015 15:26:20 GMT

So let's back up. Is this a change you want to make to only the Everyone stream or to any stream? What you are putting is what I feel is a lot of extra stuff. Let me play around and see what I can find.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Wed, 12 Aug 2015 16:12:23 GMT

So Alexander I think I have something that may work.

I made the Stream Security Rule which is an App resource filter rule, a little different. What I added is bold.

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

Try this and let me know how it goes.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 16:14:20 GMT

For stream everyone.

I have not tested my proposed security rule. not sure that the syntax is correct. I wanted to express the idea, and I think you understand it

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 16:41:35 GMT

Jeffrey Goldberg <span class="icon-status-icon icon-employee" title="Employee"></span> написал(а):

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

jg

I tried to change the rule as you suggested. Did't help.

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Wed, 12 Aug 2015 16:48:01 GMT

Yippee!

I did it!

All the same, my idea was correct

My security rule "Stream"

Resorce filter App*

condition

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true") and resource.app.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and !user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

Context Both

Action Read

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

korsikov — Mon, 04 Jul 2016 08:26:27 GMT

in Qlik Sense 3.0 Security Rule has some changes

Resource filter: App*

Conditions

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

(

(resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

(resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel" and !user.IsAnonymous())

and resource.app.stream.HasPrivilege("read")

)

Context :both

Action: Read