Hello Security rules in Qlik sense are complete hassle majority of replies are like : ... modify existing rules... ... try this and that ... keep in mind not to modify existing rules ... and so on...
ok now I have a sheet in an app that I want to hide; I don't want to put 0 in the Show if condition because if a user has the privilege to edit then this sheet would be visible to him
can someone help on how to hide this sheet using a security rule? I tried creating a security rule from App.Object* template and added that Sheet.Name (resource.name != desired_sheet_i_want_to_hide) but all in vain why qlik is complicating such straight forward things? no idea kindly advise
You have indeed received responses from several people attempting to help you achieve what you want, and you can use those to solve your problem, albeit in a manner that is more complex than you'd like. If you'd like to suggest a change to how security rules work, you can use the Ideation section of this site.
Hi, note that there is a security rule called Stream that gives access to App*, and that includes App and App.Object, so you'll need to disable this rule to avoid the permissions this rule gives.
In the environments I need to do something similar I usually disable this rule, and create a new one making a manual copy of this rule, then I add my needed modifications.
In example you can create a custom property called AppType, with a HiddenSheets value and apply this value to the app with the sheets you want to hide and the users that can see this sheets.
This will be easier if app.objects accepted custom properties but it only goes until the app, so the option to select hidden sheets if with a prefix or sufix to the sheet names.
So, if the original rule is:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
The rule with the modifications can be:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel" and (resource.app.@AppType!="HiddenSheets" or !(resource.name like "_*") or user.@AppType="HiddenSheets")) and resource.app.stream.HasPrivilege("read"))
Here the initial _ in the shhet names specify wich ones should be hidden to user without the HiddenSheets property.
The bold part gives access to all app ojects of apps without the HiddenSheets property, and from the apps with this property, to the app objects without name starting by _. Only the users with the property value HiddenSheets can see all the sheets.
I haven't tested so maybe I forgot something but I make this work on production environments.
As you imagine, hide diffrent sheets for different users can be done but with a very complex security rule that may affect performance.
