Hi All, 

I have a stream with 20 apps and around 15 user groups who can see all the apps in that stream. Now I need to add new usergroup who can only view 2 apps out of 10 apps. 

I have gone through the video about "Qlik Sense Stream Management Security Rules and Exception Management" which points out one of the way to achieve app level access. However, in my case, it'll be to cumbersome as I need to tag each of 20 apps with 15 usergroups  under custom property, which will be lot of maintenance in the future if we're to add more groups. 

I tried the below security rules to restrict app level access, however my existing usergroup is not able to see any app in the stream with the modified rule.

Original:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or

 ((resource.resourcetype = "App.Object" and resource.published ="true") 

 and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet"))  and

 ((user.group=resource.@Group or (resource.@Group.empty())))

Modified rule:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or 

((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet"))    and 

(user.group=resource.@Group or resource.@Group.empty() and user.group !="ABCD")  or

 (user.group = "ABCD" and (app.id = "b393a7ac-c590-4b6c-8c70-3f312d87a6f6"  or app.id = "d453a7ac-c590-4b6c-8c65-32d421d87a6f6"))

Appreciate any inputs on how to modify the above rule for app level access. 

Thanks,
Rupini