Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 04:40 AM

How to remove the possibility for anonymous users to see objects in the applications created by the community.

interesting task. It is essential that anonymous users can not see the sheets, history, created and published by authorized users.

In QMC section 'appobjects' it's object maked as Approved ='not approved' and Published='published'

Help me find a rule allowing all users who have permission to read the application to see objects published by other users.

2,065 Views
0 Likes
1 Solution

Accepted Solutions
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 12:48 PM
Author

Yippee!

I did it!

All the same, my idea was correct

My security rule "Stream"

Resorce filter  App*

condition

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true")  and resource.app.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

Context Both

Action Read

View solution in original post

1,619 Views
0 Likes
12 Replies
Not applicable
‎2015-08-12 10:04 AM

Alexander,

Review the following rules:

CreateAppObjectsPublishedApp

Basically this rule allows users who have read privileges on an app can create sheets, stories, bookmarks, and snapshots as long as the user is NOT anonymous.  This is a default rule in Qlik Sense.


CreateApp

This rule allows all users NOT anonymous to create App resources.


OwnerPublishAppObject

Allows owners of their content to publish it.


There are some others but these are the main ones.


I should add that to remove anonymous from being able to read published resources you should be able to alter createAppObjectsPublishedApp rule by adding Read action as well as already selected Create.


jg

1,299 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 10:26 AM
Author

In response to

Thanks for the answer.

You can specify how do I change a rule  CreateAppObjectsPublishedApp that would  anonymous user could not see the object issued to authorized users in a published application

1,299 Views
0 Likes
Not applicable
‎2015-08-12 10:30 AM

In response to korsikov

I believe you only need to check Read to the rule.  Try it and see what happens when you log in as anonymous.  It's easy to change back if it doesn't work.

2015-08-12 10_28_23-Security rule edit - QMC.png

1,299 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 10:40 AM
Author

In response to

What about the rule of "Stream"

I think that it is the rule allows anonymous users to read the applications and objects in these applications in the stream of "Everyone"

the essence of this rule - Allow to create these objects in the applications to authorized users. I do not understand what effect will the installation steps "read"

1,299 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 10:45 AM
Author

In response to

I tried to change the rule as you suggested. Did not help. anonymous users access sheet created by an authorized user.

1,299 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 11:00 AM
Author

In response to korsikov

have idea

change Stream rule

from it

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

to this

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true") or (resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

something like that.

1,299 Views
0 Likes
Not applicable
‎2015-08-12 11:26 AM

In response to korsikov

So let's back up.  Is this a change you want to make to only the Everyone stream or to any stream?  What you are putting is what I feel is a lot of extra stuff.  Let me play around and see what I can find.

jg

1,299 Views
0 Likes
Not applicable
‎2015-08-12 12:12 PM

In response to

So Alexander I think I have something that may work.

I made the Stream Security Rule which is an App resource filter rule, a little different.  What I added is bold.

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

Try this and let me know how it goes.

jg

1,299 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2015-08-12 12:14 PM
Author

In response to

For stream everyone. 

I have not tested my proposed security rule. not sure that the syntax is correct. I wanted to express the idea, and I think you understand it

1,299 Views
0 Likes