Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jimmy_rhoat
Partner - Contributor II
Partner - Contributor II
‎2017-04-03 02:06 PM

Allowing end users to create bookmarks on sheets

Good afternoon Qlik Community,

I am new to Qlik Sense I am hoping you can help me on an issue we are having.

What we are trying to accomplish - 

  • Allow end users to create bookmarks on sheets with the least privileges
    • This would not allow users to create other objects such as stories, other sheets, or etc. ONLY Bookmarks

Here are a few previous postings that were used as a guide to create the below rule:

Resource Filter

App.Object_Bookmark* 

Actions

Create

Conditions

!resource.App.stream.Empty()

and resource.App.HasPrivilege("read")

and (resource.objectType = "sheet")

and !user.IsAnonymous()

When using the audit portion it does look like this is exactly what we needed and it seems to apply the permissions correctly, however, it does not allow the users to create bookmarks, as I have tested this with a standard user account.

We are also noticing that it is not all sheets are behaving in the same fashion. Some of the sheets belong to a different stream, one stream allows users to publish while the other does not. The one that is working allows users to publish.

So the questions are:

  1. What are the least privileges you need to create bookmarks?
  2. Can this be done without allowing unnecessary privileges?
  3. Is there a document discussing the hierarchy to better understand Least-Privilege administration in Qlik?
5,540 Views
0 Likes
1 Solution

Accepted Solutions
jimmy_rhoat
Partner - Contributor II
Partner - Contributor II
‎2017-04-17 03:00 PM
Author

Updating my original post as it is now solved. The problem I was having with the other posts not working was a bug in sync persistence shown here.

https://qliksupport.force.com/QS_CaseWizardKnowledgeArticle?Id=ka5D00000004RtIIAU

The straight-forward method is this:

Filter: App.Object_*

Action: Create

Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "bookmark") and !user.IsAnonymous()

Context: Hub

Logic: Non-anonymous users can create app objects on apps which belong to streams where the user has read privileges already and the object that they are creating are bookmarks.

Additionally, the publish rights to the stream is not required.

View solution in original post

4,606 Views
5 Replies
jimmy_rhoat
Partner - Contributor II
Partner - Contributor II
‎2017-04-17 03:00 PM
Author

Updating my original post as it is now solved. The problem I was having with the other posts not working was a bug in sync persistence shown here.

https://qliksupport.force.com/QS_CaseWizardKnowledgeArticle?Id=ka5D00000004RtIIAU

The straight-forward method is this:

Filter: App.Object_*

Action: Create

Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "bookmark") and !user.IsAnonymous()

Context: Hub

Logic: Non-anonymous users can create app objects on apps which belong to streams where the user has read privileges already and the object that they are creating are bookmarks.

Additionally, the publish rights to the stream is not required.

4,607 Views
TKendrick20
Partner - Specialist
Partner - Specialist
‎2017-09-27 03:54 PM

In response to jimmy_rhoat

Thank you so much for posting this. I've been driving myself crazy reading all the documentation on how to do this. Don't know if I should be relieved or worried that it turned out just to be a bug...

4,606 Views
0 Likes
avkeep01
Partner - Specialist
Partner - Specialist
‎2018-02-08 08:47 AM

In response to jimmy_rhoat

Hi James,

I'm not able to look into the support ticket, but I solved it by restarting the services. Is that what the bug is? So after changing the security rule restarting the services?

4,606 Views
0 Likes
jimmy_rhoat
Partner - Contributor II
Partner - Contributor II
‎2018-02-08 09:19 AM
Author

In response to avkeep01

Basically, there is an issue with sync persistence that means you will need to recycle your services on all nodes due to caching from the repository service.

They provide a way of disabling the caching all together, but we opted not to do this because of how many users we get to log into the system. I believe this was the better route as I didn't want to track making custom changes due to a bug and confirm when I would need to revert. I just make note that services may need to be restarted as we wait for shared persistence. I would also like to add that this was the only time it happened for us, so it is a rare occurrence.

4,606 Views
avkeep01
Partner - Specialist
Partner - Specialist
‎2018-02-08 09:24 AM

In response to jimmy_rhoat

Thanks, that explains why restarting the services fixes my issue of applying the business rules.

4,606 Views
0 Likes