topic Re: QlikSense Security Rule - Update published apps to some users in Management & Governance

QlikSense Security Rule - Update published apps to some users

marcos_herrera — Mon, 19 Feb 2018 20:56:31 GMT

Hi Dear Qlik Community

I'm triyong to create a Security Rule to grant access to update published apps to some users (Like to executive users) , i copied the Stream Defaul Security rule to make the new rule but not works

The rule has the following properties

Resorce filter: App*

Actions: read, update

Condition:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin"

) or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

Additionally, i cretaed an adtional rule for normal users (Onlye read)

Resorce filter: App*

Actions: read

Condition:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup != "Admin"

) or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

Additional info:

1) The standar Stream Security Rule was disabled

2) I created a Custom Property for user and apps, with values "Admin"

3) The users that need update the published apps has the custom property "Admin"

4) One o the "Admin" user is the owner app

The problem is that all users can update the published apps

Re: QlikSense Security Rule - Update published apps to some users

YoussefBelloum — Tue, 20 Feb 2018 10:51:37 GMT

Hi,

I'll try to redo all this and see what's the problem here

Re: QlikSense Security Rule - Update published apps to some users

Levi_Turner — Wed, 21 Feb 2018 04:04:21 GMT

I'd break out your selection criteria into logical parts. Example:

Before:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin" ) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

After:

((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))) and user.@UserGroup = "Admin"

Or you could just separate out the update functionality to a separate rule. Since rules are additive then it will add on to the previously configured permissions. That's generally easier than managing two different rules.

Why do you want the update right? To expose the DLE? Expose the data model?

Re: QlikSense Security Rule - Update published apps to some users

marcos_herrera — Wed, 21 Feb 2018 15:29:27 GMT

Hi ltu

I create one Rule with the following attributes

Name: Stream Admin

Resorce filter: App*

Actions: read, update

Condition:

This rule worked fine for me, but i need an extra rule to the user thah does not have the custom property UserGroup = "Admin" the rule will be used for the "reader" user on published Apps. I tried with this

Name: Stream Reader

Resorce filter: App*

Actions: read

Condition:

((resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@UserGroup.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))

But not works, the users that not have custom property UserGroup = "Admin" can edit the Published App