Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
I disabled default security rule 'FolderDataConnection' which provisions only default admins in the system to create folder data connections.
And i mimic the above security rule to provision all users in the system to be able to create folder data connections except 2 groups like below,
resource.type = "folder" and (user.group!="BIgroup1" or user.group!="BIgroup2") - Not working
resource.type = "folder" and user.group!="BIgroup1" or user.group!="BIgroup2" - Not working
(resource.type = "folder" and (user.group!="BIgroup1" or user.group!="BIgroup2")) - Not working
resource.type = "folder" and ((user.group!="BIgroup1" or user.group!="BIgroup2")) - Not working
but rule works if, i pass only one group like below
resource.type = "folder" and user.group!="BIgroup1" - Working
resource.type = "folder" and (user.group!="BIgroup1") - Working
could some one help me how this could make work with more than one group/user set?
Thanks,
Hey Ramesh,
This style of rule is working perfectly fine on my side:
Attempt that style of syntax. If that doesn't resolve things, when convenient, restart the Repository Service on all nodes to flush out the cache of security rules. I ask that last part because on older builds and especially on Synchronized Persistence, there were caching issues there.
Hope that helps.
Hi Levi,
unfortunately this doesn't works for me.
I use same condition as you recommended
((resource.type="folder") and (user.group!="Sales" or user.group!="HR")) and also restarted QRS but, no luck.
is there any other possible reasons that i can quickly verify.
Additional details:
QS Version: February 2018
Persistence model: Shared
Varient: Enterprise edition
Thanks,
Ramesh
That should work so long as the user is not a member of those two groups. For your side, you will want to adjust the group names to match whatever the user's belong to on your side.
I'd also encourage using the Audit functionality to get an overview of all the rules at play.
If that does not resolve things then you are certainly welcome to create a case with Qlik Support. From the Support perspective we have a very limited role in writing rules for customers, but we can try to add value.