Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
QlikWorld happening right now! You can still join: REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
alexandra_dh
Contributor III
Contributor III

In Qliksense QMC, authorise specific users to start task but not edit the task or the app

Hello Everybody,

There is my problem :

I've implemented a specific security in a production environement (I'm an administrator).

Only admins can publish and manage application on production. But delegated Admin have access to the QMC to see the Apps on which they are responsible for. They just have a "view" right. We don't want they edit the App, modifying Custom Properties for example.

I would like that through the QMC they can launch the tasks refering to the specific Apps on which they are responsible for. They musn't have the right to edit these task.

Today all is mainly OK,  except that when they launch the task, they have the error "Insufficient privilege".

The only way I've found to resolve this is to allow "edit" right on the App (and I don't want this).

So, is it possible to authorise to launch the task but not giving the "edit" right on the task nor on the App ?

I hope I've been clear enough 

Thank you for your return,

Alexandra

Labels (1)
1 Solution

Accepted Solutions
Or
Master III
Master III

Unfortunately, I don't think there's any way to do that with the current limitations of the Security Rules engine (or if there is, I have no idea how to achieve it). That said, most of the information you're looking to make available can be read from the repository database, we have an in-house app set up to do exactly that (it also ties into our active directory and customized permissions setups so we can see all this stuff in one place). You could try that route.

View solution in original post

4 Replies
Or
Master III
Master III

You're going to have to give users Update permissions on the apps in question, but this shouldn't actually be a problem providing:

* Users should have update permissions only for QMC, not Hub / Both

* Users should not be given access to the "Apps" section in QMC, only the "Tasks" section.

Within this framework, I don't think there's any way for these users to actually modify the apps.

alexandra_dh
Contributor III
Contributor III
Author

Hi,

Thanks for your response. Indeed if I hide the App section I've no problem anymore.

But I really wanted to let them access this section to verify all the Apps published , the tags, informations of last date of publication, the CustomProperties applied etc ....

But it doesn't seems compatible.

It's true that many of these informations are available through the Hub ... I'll see ...

Or
Master III
Master III

Unfortunately, I don't think there's any way to do that with the current limitations of the Security Rules engine (or if there is, I have no idea how to achieve it). That said, most of the information you're looking to make available can be read from the repository database, we have an in-house app set up to do exactly that (it also ties into our active directory and customized permissions setups so we can see all this stuff in one place). You could try that route.

alexandra_dh
Contributor III
Contributor III
Author

Yes, I'll try this way. 

Thank you !