Qlik Community

Ask a Question

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
LINKEDIN LIVE: Democratizing data to enhance customer-centricity. JULY 29TH REGISTER TODAY
cancel
Showing results for 
Search instead for 
Did you mean: 
abrown229
Contributor II
Contributor II

App Security Rules

Hi everyone,

I'm not sure if this belongs in this location but I'm hoping someone can help with some security logic.

Here's what I'm trying to achieve:

I have set up a new stream ("Stream_Development") for developing apps along with its own property for access (@DevStream).

I have also set up a custom app property for @Testing.

I can grant access to users using the @DevStream property, but when the @Testing property is set to false on an individual app, the app shouldn't show.

I also have a @Developer property for users who should be able to see all apps in the stream regardless of the state of the @Testing property.

When we want to open that app up to other users for testing, setting the @Testing property should then show it to other users with access to the stream.

It seems like a simple enough concept and I've managed to get the logic working - however in doing so I broke everything else and all users were unable to see any apps but their own (in every stream).

Here's what I've got so far:

I've been manipulating the Stream security rule as that's the only one that I can see that impacts visibility of all apps - but there's clearly something wrong with my logic. The changes I have made are below:

app.stream.name != "Stream_Development" and (
	(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) 
	or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" 
	and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
)
or 
app.stream.name ="Stream_Development" and (resource.@Testing="True" or user.@Developer="True")

The indented block is the original rule with my additions surrounding it.

Am I going about this the right way?

 

Thanks

 

 

 

Labels (4)
0 Replies