topic Full access only on specific streams for developers in Management & Governance https://community.qlik.com/t5/Management-Governance/Full-access-only-on-specific-streams-for-developers/m-p/1202748#M7645 <HTML><HEAD></HEAD><BODY><P>Hi!</P><P></P><P>I want to be able to have a "Publish Admin" role, where the developers can only publish new versions of apps they are allowed to develop on. There are other apps which they can see, but shouldn't be able to duplicate. Any idea how to do this?</P><P></P><P>User: .\test1</P><P>Streams: Newstream, Secondstream</P><P>Read, Publish-rights on both streams.</P><P></P><P>First a custom property:</P><P>Name: CanPublish</P><P>Resource types: Users, Streams</P><P>Values: [e.g.stream name - doesn't have to be identical to the actual stream name, as long as the value is identical on user and stream], ex. Newss</P><P></P><P>We add this custom property on:</P><P>User: ”test1” with value ”Newss”</P><P>Stream: ”NewStream” with value ”Newss”</P><P></P><P>Two rules is needed:</P><P>One for what you can see in the QMC</P><P>Name: _LocalAdmin QMC</P><P>Resource filter: QmcSection_App</P><P>Actions: Read</P><P>Conditions: user.roles="LocalAdmin"</P><P>Context: Only in QMC</P><P></P><P>One for what you should be able to do with the apps:</P><P>Name: _LocalAdmin apps</P><P>Resource filter: Stream_*,App_*,App.Object_*,Tag_*</P><P>Actions: all</P><P>Conditions: user.roles="LocalAdmin" and&nbsp; (</P><P>(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="Tag") and</P><P>(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish ) or</P><P>(resource.IsOwned()&nbsp; and resource.owner = user)</P><P>)</P><P>Context: Only in QMC</P><P></P><P>First question:</P><P>The result is that users can duplicate all apps he can see, and he can replace all apps in streams where both he and the stream has the same custom property value on "CanPublish" (see attached yes.png). How can I deny him access on "SecondStream" (see attached no.png) ?</P><P>Without the (resource.IsOwned()&nbsp; and resource.owner = user) the user can't duplicate his own apps, nor duplicate or replace apps that are present in the streams he should be "LocalAdmin" to.</P><P></P><P></P><P>Second question:</P><P>With these added conditions (+ QMC sections rules), he can add tasks under the QMC sections, but for some reason the "Create new reload task" under the Apps section of QMC is grayed out. Any idea how to allow this directly under Apps section of QMC?</P><P></P><P>Resource filter: Stream_*,App_*,App.Object_*,Tag_*, ReloadTask_*,SchemaEvent_*,CompositeEvent_*</P><P>Actions: all</P><P>Conditions: user.roles="LocalAdmin" and (</P><P>(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="ReloadTask" or resource.resourcetype="SchemaEvent" or resource.resourcetype="CompositeEvent" or resource.resourcetype="Tag")&nbsp; and</P><P>(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish) or</P><P>(resource.IsOwned()&nbsp; and resource.owner = user)</P><P>)</P><P>Context: Only in QMC</P></BODY></HTML> Wed, 05 Oct 2016 13:28:39 GMT ergustafsson 2016-10-05T13:28:39Z Full access only on specific streams for developers https://community.qlik.com/t5/Management-Governance/Full-access-only-on-specific-streams-for-developers/m-p/1202748#M7645 <HTML><HEAD></HEAD><BODY><P>Hi!</P><P></P><P>I want to be able to have a "Publish Admin" role, where the developers can only publish new versions of apps they are allowed to develop on. There are other apps which they can see, but shouldn't be able to duplicate. Any idea how to do this?</P><P></P><P>User: .\test1</P><P>Streams: Newstream, Secondstream</P><P>Read, Publish-rights on both streams.</P><P></P><P>First a custom property:</P><P>Name: CanPublish</P><P>Resource types: Users, Streams</P><P>Values: [e.g.stream name - doesn't have to be identical to the actual stream name, as long as the value is identical on user and stream], ex. Newss</P><P></P><P>We add this custom property on:</P><P>User: ”test1” with value ”Newss”</P><P>Stream: ”NewStream” with value ”Newss”</P><P></P><P>Two rules is needed:</P><P>One for what you can see in the QMC</P><P>Name: _LocalAdmin QMC</P><P>Resource filter: QmcSection_App</P><P>Actions: Read</P><P>Conditions: user.roles="LocalAdmin"</P><P>Context: Only in QMC</P><P></P><P>One for what you should be able to do with the apps:</P><P>Name: _LocalAdmin apps</P><P>Resource filter: Stream_*,App_*,App.Object_*,Tag_*</P><P>Actions: all</P><P>Conditions: user.roles="LocalAdmin" and&nbsp; (</P><P>(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="Tag") and</P><P>(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish ) or</P><P>(resource.IsOwned()&nbsp; and resource.owner = user)</P><P>)</P><P>Context: Only in QMC</P><P></P><P>First question:</P><P>The result is that users can duplicate all apps he can see, and he can replace all apps in streams where both he and the stream has the same custom property value on "CanPublish" (see attached yes.png). How can I deny him access on "SecondStream" (see attached no.png) ?</P><P>Without the (resource.IsOwned()&nbsp; and resource.owner = user) the user can't duplicate his own apps, nor duplicate or replace apps that are present in the streams he should be "LocalAdmin" to.</P><P></P><P></P><P>Second question:</P><P>With these added conditions (+ QMC sections rules), he can add tasks under the QMC sections, but for some reason the "Create new reload task" under the Apps section of QMC is grayed out. Any idea how to allow this directly under Apps section of QMC?</P><P></P><P>Resource filter: Stream_*,App_*,App.Object_*,Tag_*, ReloadTask_*,SchemaEvent_*,CompositeEvent_*</P><P>Actions: all</P><P>Conditions: user.roles="LocalAdmin" and (</P><P>(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="ReloadTask" or resource.resourcetype="SchemaEvent" or resource.resourcetype="CompositeEvent" or resource.resourcetype="Tag")&nbsp; and</P><P>(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish) or</P><P>(resource.IsOwned()&nbsp; and resource.owner = user)</P><P>)</P><P>Context: Only in QMC</P></BODY></HTML> Wed, 05 Oct 2016 13:28:39 GMT https://community.qlik.com/t5/Management-Governance/Full-access-only-on-specific-streams-for-developers/m-p/1202748#M7645 ergustafsson 2016-10-05T13:28:39Z