https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978518#M4989 <HTML><HEAD></HEAD><BODY><P>Jonathan,</P><P></P><P>I did not have chance to run a full investigation with security rules diagnostics, but I've noticed that some of the rules are "broken" on the system. I am not 100% sure it's causing this issue since it's present on PROD system only and we are using the same set of security rules on DEV and PROD. </P><P></P><P>Will keep you posted.</P><P>Thank you for suggestions.</P><P></P><P>Regards,</P><P>Vladimir&nbsp; </P></BODY></HTML> Tue, 17 Nov 2015 22:17:25 GMT vlad_komarov 2015-11-17T22:17:25Z https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978514#M4985 <HTML><HEAD></HEAD><BODY><P>We are having a strange issue on PROD server. </P><P>The server has two RootAdmins accounts set (qvservice and aaa.bbbbbbbb). All publishing/duplicating/etc was done from qvservice account and this user is listed as the Owner for all available applications.</P><P></P><P>But if aaa.bbbbbbbb user is logged into the Hub, he can see all the applications in “My work” stream..</P><P></P><P>Is it a normal behavior? Should “My work” files be available for the owner only?</P><P></P><P>Additional twist: Some (!!) of the applications in “My Work” folder are not opening properly by aaa.bbbbbbbb user.</P><P>The existing application (with multi-page script and some data) is opening without the data and no script (!!)…</P><P></P><P>Anybody have seen this before?</P><P>Would appreciate an experts' advice. </P><P></P><P></P><P>Best regars,</P><P>Vladimir</P></BODY></HTML> Wed, 11 Nov 2015 16:33:05 GMT https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978514#M4985 vlad_komarov 2015-11-11T16:33:05Z https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978515#M4986 <HTML><HEAD></HEAD><BODY><P>Its possible to change the default security rules to make 'my work' content for one or more users visible under&nbsp; 'my work' of other users.</P><P></P><P>Have you made any changes to the security rules worth mentioning ?&nbsp; </P><P></P><P>But by default the security rules are such that one Root Admin should not see unpublished apps they don't own&nbsp; in the hub under&nbsp; 'my work'.</P></BODY></HTML> Wed, 11 Nov 2015 17:10:40 GMT https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978515#M4986 JonnyPoole 2015-11-11T17:10:40Z https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978516#M4987 <HTML><HEAD></HEAD><BODY><P>Jonathan,</P><P></P><P>Thank you for reply.</P><P></P><P>Do you know which security rule is responsible for <SPAN style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">'my work'&nbsp; folder access? </SPAN></P><P><SPAN style="color: #3d3d3d; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">I was not able to find anything related to it on QMC...</SPAN></P><P></P><P>I don't think we have modified it, but I would like to check it. This server was just installed couple weeks ago and the only security rules changed there were the ones responsible for Published streams access for specific users and groups.</P><P></P><P>Regards,</P><P>Vladimir </P></BODY></HTML> Wed, 11 Nov 2015 18:06:35 GMT https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978516#M4987 vlad_komarov 2015-11-11T18:06:35Z https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978517#M4988 <HTML><HEAD></HEAD><BODY><P>Its probably tied up with the owner rule. Its meant to let owners have read access to unpublished content that they own. </P><P><IMG alt="Capture.PNG" class="jive-image image-1" src="https://community.qlik.com/legacyfs/online/105205_Capture.PNG" style="height: 279px; width: 620px;" /></P><P></P><P></P><P>But i was thinking it might be faster to use the 'Audit' section of QMC on the app in question and the user in question to bring up the rights established by the security rules</P><P></P><P><IMG alt="Capture.PNG" class="jive-image image-2" src="https://community.qlik.com/legacyfs/online/105206_Capture.PNG" style="height: 237px; width: 620px;" /><IMG alt="Capture2.PNG" class="jive-image image-3" src="https://community.qlik.com/legacyfs/online/105207_Capture2.PNG" style="height: 293px; width: 620px;" /></P></BODY></HTML> Wed, 11 Nov 2015 18:55:42 GMT https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978517#M4988 JonnyPoole 2015-11-11T18:55:42Z https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978518#M4989 <HTML><HEAD></HEAD><BODY><P>Jonathan,</P><P></P><P>I did not have chance to run a full investigation with security rules diagnostics, but I've noticed that some of the rules are "broken" on the system. I am not 100% sure it's causing this issue since it's present on PROD system only and we are using the same set of security rules on DEV and PROD. </P><P></P><P>Will keep you posted.</P><P>Thank you for suggestions.</P><P></P><P>Regards,</P><P>Vladimir&nbsp; </P></BODY></HTML> Tue, 17 Nov 2015 22:17:25 GMT https://community.qlik.com/t5/Management-Governance/Wrong-person-has-access-to-applications-available-in-My-Work/m-p/978518#M4989 vlad_komarov 2015-11-17T22:17:25Z