Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
alexandra_dh
Contributor III
Contributor III
‎2020-06-25 05:30 AM

In Qliksense QMC, authorise specific users to start task but not edit the task or the app

Hello Everybody,

There is my problem :

I've implemented a specific security in a production environement (I'm an administrator).

Only admins can publish and manage application on production. But delegated Admin have access to the QMC to see the Apps on which they are responsible for. They just have a "view" right. We don't want they edit the App, modifying Custom Properties for example.

I would like that through the QMC they can launch the tasks refering to the specific Apps on which they are responsible for. They musn't have the right to edit these task.

Today all is mainly OK,  except that when they launch the task, they have the error "Insufficient privilege".

The only way I've found to resolve this is to allow "edit" right on the App (and I don't want this).

So, is it possible to authorise to launch the task but not giving the "edit" right on the task nor on the App ?

I hope I've been clear enough 

Thank you for your return,

Alexandra

Labels (1)
Labels
1,597 Views
1 Solution

Accepted Solutions
Or
MVP
MVP
‎2020-06-27 04:44 PM

In response to alexandra_dh

Unfortunately, I don't think there's any way to do that with the current limitations of the Security Rules engine (or if there is, I have no idea how to achieve it). That said, most of the information you're looking to make available can be read from the repository database, we have an in-house app set up to do exactly that (it also ties into our active directory and customized permissions setups so we can see all this stuff in one place). You could try that route.

View solution in original post

1,524 Views
0 Likes
4 Replies
Or
MVP
MVP
‎2020-06-25 09:07 AM

You're going to have to give users Update permissions on the apps in question, but this shouldn't actually be a problem providing:

* Users should have update permissions only for QMC, not Hub / Both

* Users should not be given access to the "Apps" section in QMC, only the "Tasks" section.

Within this framework, I don't think there's any way for these users to actually modify the apps.

1,562 Views
0 Likes
alexandra_dh
Contributor III
Contributor III
‎2020-06-26 04:22 AM
Author

In response to Or

Hi,

Thanks for your response. Indeed if I hide the App section I've no problem anymore.

But I really wanted to let them access this section to verify all the Apps published , the tags, informations of last date of publication, the CustomProperties applied etc ....

But it doesn't seems compatible.

It's true that many of these informations are available through the Hub ... I'll see ...

1,546 Views
0 Likes
Or
MVP
MVP
‎2020-06-27 04:44 PM

In response to alexandra_dh

Unfortunately, I don't think there's any way to do that with the current limitations of the Security Rules engine (or if there is, I have no idea how to achieve it). That said, most of the information you're looking to make available can be read from the repository database, we have an in-house app set up to do exactly that (it also ties into our active directory and customized permissions setups so we can see all this stuff in one place). You could try that route.

1,525 Views
0 Likes
alexandra_dh
Contributor III
Contributor III
‎2020-06-29 03:20 AM
Author

In response to Or

Yes, I'll try this way. 

Thank you !

1,504 Views
0 Likes