We have our environment tied to Active Directory, and I'm attempting to configure Application level security. I believe I'm close, but its not quite working. Note that I do not want sheet level security at this point. If a user has access to an app, I'm ok with them seeing all sheets within that app.
I created two Custom Properties, one each for streams (StreamGroup) and apps (AppGroup). The values in both of custom properties match the names of the AD groups that I want to to use to secure the apps.
I then added all the stream property values to each stream that are associated with the apps that are published to each stream. If a stream has 3 published apps, then it is given the 3 stream property values that match those apps. I then gave each app its associated app custom property value.
Next, I disabled the default Stream Security Rule. Then I created two new security rules, on each for streams and apps. The stream rule has "Stream*" for a filter and the following condition: ((user.group=resource.@StreamGroup)) It seems to be working as intended.
The app rule has "App*" as a filter and the following condition: (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppGroup = user.group). On its own this isn't working. If I add an additional rule for each app with an "App*" filter and condition: ((user.group="AD Group Name Here")), then everything appears to be working until an app is opened. None of the sheets are visible to users at this point.
Any advice would be greatly appreciated. Thank you.
Thanks for the response. I gave that a try though and unfortunately it didn't do the trick. I'm new to writing these conditions, but do you think it would be possible to call additional app.object criteria in the code? I'm just not sure what's available to specify...