topic Re: Restrict access in applications management level. in Management & Governance

Restrict access in applications management level.

Fri, 01 Apr 2016 11:00:59 GMT

Hello Qlik community, after installing new qlik sense server i have questions about security.

Until now i have managed to create streams and assign custom properties in streams and users, so to control in which stream should have access each user or group of users creating custom rule.

Also i have managed to change security rule for restricting users to create sheets,bookmarks by changing the generic rule : CreateAppObjectsPublishedApp.

I want to ask how can i change the stream rule in order to restrict users to have access in particular apps when they have access in the stream.So the question is what about applications level management or sheet management?

Please note that i have watched specific video : Qlik Sense Stream Management Security Rules and Exception Management - YouTube but the result was not what i expected for applications management level.

Any working examples will be really appreciated.

D.Raoulis

Re: Restrict access in applications management level.

Gysbert_Wassenaar — Thu, 07 Apr 2016 12:03:48 GMT

You can give users rights to take actions on objects at different levels. Stream is a level. A more fine grained level is App. Still finer is Sheet. But a rule that gives an action cannot be undone or restricted by another rule. If you give a user rights to modify apps in a stream you cannot restrict that access per app on the app level anymore. If you want users to have access only to some apps in a stream then you need to assign those rights at the app level, not the stream level. Or simply create another stream with only those apps they should have access to and give them rights to that stream. If that does not answer your question please explain what you want to know.

Re: Restrict access in applications management level.

Thu, 07 Apr 2016 12:19:52 GMT

Thank you Gysbert for the quick answer. To my understanding qlik sense server offers generic security rules that can be overwritten by admin users who have rights.

So i have created this custom rule to manage access for users who have access in streams and in both recources i have assigned the Group Property with values (Sales, Marketing, Developers, Financials, CEO) :

When i am trying to do the same for applications i understand that the generic rule "Stream" is preventing my new Security Rule to be activated.

The same i think is happening for sheets level.

With above screenshot - security rule i have managed to assign properties to users and streams and controll with success the access of my Company's users. Can you help me to do the same for applications - sheets management level? Or redirect me to resources ?

Thaks again for your help.

Re: Restrict access in applications management level.

Gysbert_Wassenaar — Thu, 07 Apr 2016 14:20:00 GMT

As I said before a rule grants a user to do something with an object. Rules can never remove rights. So if you have a rule that grants rights at the stream level then you cannot take away those rights with rules at the app level.