Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi - I set up a Custom Property called AppAccessGroup, and there are a few custom values assigned and I've since assigned them to both people and apps. Stream access was already started by being dictated by individual user so for the sake of not redoing it all, I've left that as is.
I then created a security rule to enforce the tags:
But now, the tagged users can only SEE the apps they're supposed to see (which, yay), but then are told there are no available sheets.
To my eye, none of my other existing security rules would limit what AppObjects can be seen or not, so I am at a complete loss as to why it is behaving this way and would really love some advice or idea of where to start looking. I need my users to see the apps they're supposed to see and everything within them. I thought using the App* was supposed to cover that but it does not appear to be doing so. I also attempted adding the AppObject* to the line with App*.
And yes, I have been turning off the default rule of Stream to test this (plus if it had been on, this wouldn't be happening).
Thank you.
I think you would need to change this below rule as well, we did it long back so not exactly able to recall but can you compare what you got in this rule?
Full rule text as below
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@PH_AppGroup.empty()) or ((resource.resourcetype = "App.Object" and
resource.objectType != "app_appscript" and resource.published ="true" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
This is we got the other rule similar to what you have shown in your post, PH_Appgroup is the custom property to be assigned to both App and the user resource.
