Skip to main content
Announcements
NEW: Seamless Public Data Sharing with Qlik's New Anonymous Access Capability: TELL ME MORE!
cancel
Showing results for 
Search instead for 
Did you mean: 
anirban_chakrab
Partner - Contributor II
Partner - Contributor II

Restricting users from publishing app only to specific Data Connections

Say, rootadmin creates a set of data Connections.

The users can create their own apps but can only publish the apps to the Data Connections created by rootadmin.

How to achieve that? Please advise.

1 Solution

Accepted Solutions
Joan_MARTY_P3
Contributor III
Contributor III

The point is that you are not able through standard functionalities from QMC to set up security rule based on the free text from loading scripts.

The only capability I see to follow you objective would be to read the script from the application using APIs and then to have a boolean allowing or not publication of the app...

This seems to be a bit tricky to set up some kind of check list without dedicated feature development out of the platform.

Other solution would be to set up a check list priori being able to publish an application. It should be more a process constraint than a tool constraint. Delegation of the responsability to the end user willing to publish.

Then on platform admin side, having a bot running through your applications and scanning the scripts. I a script is not conform, application is removed (or place in quarantine) and end user informed.

In all case, there no simple way to scan used data connections in apps with simple security rules

View solution in original post

4 Replies
Joan_MARTY_P3
Contributor III
Contributor III

Hum in term of governance model, I would more take this topic another way.

Rootadmin or equivalent profile should only be the one able to create data connections. You will then avoid to get big pollution on your platform.

anirban_chakrab
Partner - Contributor II
Partner - Contributor II
Author

Ideally yes. But cannot restrict users. Our query with examples below...

RootAdmin
        > Creates Data Connections to specific 'Application Schemas' in database. Connection name say, DConn_APP1, DConn_APP2

Each user
        > Creates Data Connections to their 'own schemas' in database and can create apps. Connection name say: DConn_BOB, DConn_JOHN
        > Creates apps using the Data Connections DConn_APP1, DConn_APP2 which are created by rootadmins
        > But, can only publish their Apps if their Apps are using connections DConn_APP1, DConn_APP2

Joan_MARTY_P3
Contributor III
Contributor III

The point is that you are not able through standard functionalities from QMC to set up security rule based on the free text from loading scripts.

The only capability I see to follow you objective would be to read the script from the application using APIs and then to have a boolean allowing or not publication of the app...

This seems to be a bit tricky to set up some kind of check list without dedicated feature development out of the platform.

Other solution would be to set up a check list priori being able to publish an application. It should be more a process constraint than a tool constraint. Delegation of the responsability to the end user willing to publish.

Then on platform admin side, having a bot running through your applications and scanning the scripts. I a script is not conform, application is removed (or place in quarantine) and end user informed.

In all case, there no simple way to scan used data connections in apps with simple security rules

anirban_chakrab
Partner - Contributor II
Partner - Contributor II
Author

Thanks for the advice.