article Security Rule Example: How to show data model viewer for published apps in Official Support Articles

Security Rule Example: How to show data model viewer for published apps

Andre_Sostizzo — Mon, 30 Jan 2023 09:32:55 GMT

How To Grant Users The Access To Data Model Viewer.

With default security rules and settings, users can not see the data model for published apps. However, we can achieve this by creating/updating security rules through the Qlik Sense Management Console.

Resolution

Option 1: Create a new Security Rule

Go to the Qlik Sense Management Console
Open Security Rules
Click Create new
Create the following rule:
1. Name = DataModelViewers
2. Description = A description of your choice.
3. Resource filter = App_*
4. Actions = "Read","Update"
5. Conditions = Users of your choice or a previously defined role you will tag the users with.
6. Context = Both in hub and QMC or Only in hub
Click Apply

Option 2: Tagging users as ContentAdmins

This requires a rework of the ContentAdmin rule and will provide far more permissions to users than Option 1. See ContentAdmin for details on what a ContentAdmin is allowed to do.

Tag the users you want to be able to see data models with the ContentAdmin role.
Go to the Security Rules
Locate the default ContentAdmin rule and open it
Modify the rule by changing QMC only to Both in hub and QMC
Click Apply

Re: Security Rule Example: How to show data model viewer for published apps

MN2 — Tue, 01 Mar 2022 10:54:41 GMT

Andre

With this solution, DatamodelsViewers can also update apps properties (add custom properties) and modify app Name and description in hub for pûblished apps.

It is possible to limit the rules to the data model button ?

Thanks

Re: Security Rule Example: How to show data model viewer for published apps

mgranillo — Wed, 30 Mar 2022 16:12:59 GMT

I'm also finding this rule allows access to all dashboards in the hub. This is not good for data security. Is there a way around this?

Re: Security Rule Example: How to show data model viewer for published apps

Sonja_Bauernfeind — Tue, 05 Apr 2022 09:45:55 GMT

Hello @mgranillo

For further customization of security rules, I would recommend posting this query over in the Qlik Sense Deployment and Management forums.

All the best,
Sonja

Re: Security Rule Example: How to show data model viewer for published apps

mgranillo — Thu, 07 Apr 2022 12:38:43 GMT

Thank you. I've posted a question in that forum. For anyone that comes across this, we are having this issue because we have app level security in place.

Re: Security Rule Example: How to show data model viewer for published apps

Ken_T — Fri, 20 Jan 2023 16:59:10 GMT

This is not really clear on what part of the security rule actually grants access to the Data Model Viewer.

Could those details be added?

What part of Content Admin rules actually allows the data model viewer to work in the hub?

If it was desired to grant this view, without using content admin role (which is very plausible as content admin has tremendous power in qmc) - how could this be done?

This post, as is, begs the question of what conditions and objects control the data model viewer.

Re: Security Rule Example: How to show data model viewer for published apps

Sonja_Bauernfeind — Mon, 30 Jan 2023 09:32:22 GMT

Hello @Ken_T

I clarified the article, but am having the rule specifically created for this purpose verified by an SME as well (my tests came back OK, so it works).

To answer your question, it's this bit:

Resource filter = App_*
Actions = "Read","Update"

All the best,
Sonja

Re: Security Rule Example: How to show data model viewer for published apps

tduarte — Fri, 05 May 2023 16:57:17 GMT

Hi @Sonja_Bauernfeind

I assume this would be used in conjuction with
Resouce filter = App.Object_* and Condition resource.objectType = "loadmodel".

Please confirm.

Thanks,
Telmo

Re: Security Rule Example: How to show data model viewer for published apps

RonaldZiggo — Tue, 08 Jul 2025 14:49:50 GMT

Hello all,

We discovered that giving users the 'update' t show the data model, also gives them the right to edit the app information. For example the name and description of the app.

That is something we really don't want them to access. Is there anyone who has tried to 'fix' this for professional license users?

Kind regards,

Ronald

Re: Security Rule Example: How to show data model viewer for published apps

mgranillo — Tue, 08 Jul 2025 18:11:10 GMT

@RonaldZiggo I'm guessing there's nothing that can be done about it but it would be nice to get official response from support

Re: Security Rule Example: How to show data model viewer for published apps

piotr-bratek — Tue, 25 Nov 2025 21:17:04 GMT

any news ? It is exactly as you said ... there is one more risk - while having read & update privileges to apps you can access apps bypassing streams (if you have a link to an app) ...

It seems there is no solution for that.
Data Model Viewer is a part of an App resource, while Data Load Editor is an app object and God knows which one - for sure neither loadmodel nor app_appscript.