Hi All - We are on v2.1.1 and need help with the security rule for the scenario below. Could you please help with this?
Can you please check whether you have the procedure to allow FULL ACCESS to the Stream and CONDITIONAL ACCESS to the Apps in that Stream, or let me know your thoughts on the same?
Scenario -
Stream (holding App1, App2, App3 & App4) has access to all 4 groups A, B, C, D
App1 to be accessed by A
App2 to be accessed by B
App3 to be accessed by C
App4 to be accessed by D
Thanks!
Hope this helps. You need to create two custom properties: one that belongs to streams and users, and another that belongs to apps and users.
Each stream will have a custom property value. For example, let's say you created a custom property called StreamGroup and you have a stream called Testing. Create a value of Testing, or something that lets you identify that it belongs to the Testing stream, in the StreamGroup custom property. Once you have created it, assign that custom property value to the stream. The same goes for apps.
The stream values and app values from the custom properties also apply to the user profile. Once this is done, you will create the universal security rules.
Disable the Stream security rule in order for the rules below to work.

Name of the Rule : UDR_Stream_StreamAccess_Group (This will give access to the Stream)
Resource Filter : Stream_*
Context: Hub
Conditions : ((user.@StreamGroup=resource.@StreamGroup))

Name of the Rule : UDR_Stream_App Default Rule (This will give users access to Apps, and they can see all apps in a stream)
Resource Filter : App*
Context: Hub
Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

Name of the Rule : UDR_Stream_App Custom Rule (This will give users access to a specific App. AppLevelMgmt is a custom property for apps. By default, if you don't have any restriction in a stream, then you don't assign any values to the App. In a stream, if you want to maintain security for each app, then you will assign values to that app and to users.)
Resource Filter : App_*
Context: Hub
Conditions : resource.stream.HasPrivilege("read") and ((user.@AppLevelMgmt = resource.@AppLevelMgmt ))

We learned the hard way how to implement these. Security rules are a different world to maintain. Please test a lot before making them available to users.
Thank you, Vamsi, for your time and reply on this. I did it almost the same way and it was initially not working, so I tried checking whether there is any other workaround for this.
Once again, thank you!!
I have done the same thing. It worked perfectly for Apps but then it is not showing any Sheets in those apps.
Do I need to change any other Security rule?
I am facing the same problem as Shraddha: no sheets are visible from the app.
Hi Nitin,
It worked for me.
Can you explain the steps you followed?
Hi @Shraddha Gajare
I'm having the same problem as Nitin.
Apps are showing but no sheets are visible.
So I followed the exact same thing as above:
1- I created two custom properties
** StreamGroup for streams and users
value: Sale
** AppLevelMgmt for apps and users
No value at first, to try to give the user full access to apps.
2- I have a stream called Sales:
assigned custom property value StreamGroup = Sale
3- Security rules applied
1st
Name of the Rule : UDR_Stream_StreamAccess_Group (This will give access to Stream )
Resource Filter : Stream_*
Context: Hub
Conditions : ((user.@StreamGroup=resource.@StreamGroup))
2nd
Name of the Rule : UDR_Stream_App Default Rule (This will give access to App to users and they can see all apps in a stream)
Resource Filter : App*
Context: Hub
Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))
4- User 1
assigned custom property value StreamGroup = Sale
Do we have to apply another security rule at sheet level?
For anyone who is still having issues with this, please make sure the two security rules that manage the app access are both for App* and NOT App_*.
This will ensure the user has access to all app content and not just the app.
I hope this helps.
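
Added example, not part of any post in this thread and not Qlik's own code: a simplified Python model of the three rules above, showing how the resource filter (App_* versus App*) decides whether sheets (App.Object resources) are ever evaluated. The ids, the sample user, and the assumption that rules are additive with wildcard matching on the resource id are all assumptions of this sketch.

```python
from fnmatch import fnmatchcase

# Constructed scenario data; ids are placeholders, not real Qlik GUIDs.
STREAM = {"id": "Stream_sales", "type": "Stream", "StreamGroup": "Sale"}
APPS = {f"App{i}": {"id": f"App_app{i}", "type": "App", "stream": STREAM,
                    "AppLevelMgmt": group}
        for i, group in enumerate("ABCD", start=1)}

def sheet_of(app):
    """A published sheet (App.Object) belonging to the given app."""
    return {"id": "App.Object_sheet-" + app["id"], "type": "App.Object",
            "app": app, "published": True}

def rules(app_filter):
    """The thread's three rules as (resource filter, condition) pairs.
    app_filter is applied to both app rules, as the last post advises."""
    return [
        ("Stream_*", lambda u, r, read: u["StreamGroup"] == r["StreamGroup"]),
        (app_filter, lambda u, r, read:
            (r["type"] == "App" and read(u, r["stream"]) and not r["AppLevelMgmt"])
            or (r["type"] == "App.Object" and r["published"]
                and read(u, r["app"]["stream"]))),
        (app_filter, lambda u, r, read:
            read(u, r.get("stream")) and u["AppLevelMgmt"] == r.get("AppLevelMgmt")),
    ]

def can_read(user, res, app_filter="App*"):
    """Model assumption: rules are additive; any matching rule grants read."""
    if res is None:  # attribute not present on this resource type
        return False
    read = lambda u, r: can_read(u, r, app_filter)
    return any(fnmatchcase(res["id"], flt) and cond(user, res, read)
               for flt, cond in rules(app_filter))

def visible(user, app_filter):
    """Names of apps and sheets the user can read under the given filter."""
    out = []
    for name, app in APPS.items():
        if can_read(user, app, app_filter):
            out.append(name)
        if can_read(user, sheet_of(app), app_filter):
            out.append(name + "/sheet")
    return out

USER_A = {"StreamGroup": "Sale", "AppLevelMgmt": "A"}  # constructed user
```

In this model, visible(USER_A, "App_*") returns only App1, with no sheets, because no filter matches an App.Object id. With "App*", the App.Object clause grants published sheets on stream read alone, so the per-app restriction rests on the App resource itself.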