QlikSense Admin - Access on Stream level - Qlik Community

psenthilbtech · ‎2019-10-20

Hi Team,

I have a requirement ,

Where we have around 40 Streams and 230 Applications deployed in our Qlik Environment.

I have give access to few users for all the streams and applications and all sheets except Work Stream.

How do i achieve this.

The users are been added in the Custom Properties. Need your inputs on this

BTIZAG_OA · ‎2019-10-21

Hello,

You can change node purpose to production for take away "Work" from users or else you need to disable createapp right. Then you can setup your SR for stream&app access.

sasikumar · ‎2019-10-25

hi

refer the link to achieve hide app from stream.

https://community.qlik.com/t5/Qlik-Sense-Deployment-Management/Restrict-access-in-applications-manag...

following Security rule to hide app from stream and hide sheet from app

1.Create Custom Property for hide app

Name: AppLevelRestrict

Description: This custom property allows for app-level exceptions to stream access. With this custom property an app resides in a stream that many users have access, but only a few have access to the specific application.

Resource Types: Select Apps, Users

Values: Using the “Create new“ button, create the values work and mgmt(no. of values are based on no. of apps in the stream)

2.Create Custom Property for Hide sheet

Name: sheethide

Description: This custom property allows for Sheet-level exceptions to App. With this custom property a Sheet starts with nprint_ can visible to user.

Resource Types: Select Apps, Users

Values: Using the “Create new“ button, create the values called “work_”.

3.Disable Default Security Rule

Disable the Security rule, named as “Stream” (In “Security rule”, Select “Stream” from the list)

4.Creating security Rule to Hide app from stream

Rule 1:

Custom template : App access

Name: Custom-Stream-Rule

Description: Allow users to see/read resources if they have read access to the stream it is published to.

Actions: Read

Resource filter: Edit the Resource filter App_* as App*

Context: Both in hub and QMC

Conditions:

(

resource.resourcetype = "App"

and resource.stream.HasPrivilege("read")

and resource.@AppLevelRestrict.empty()

)

or

(

resource.resourcetype = "App.Object"

and resource.published = "true"

and resource.objectType != "app_appscript"

and (resource.objectType = "sheet"

and !(resource.name like "work_*") )

)

and resource.app.stream.HasPrivilege("read")

)

Rule 2:

Custom template : App object access

Name: Custom-Sheet-Exception

Description: Allow users to see sheet starts with name “nprint_” if they have the “Nprintuser” custom properties at the user level.

Actions: Read

Resource filter: App.object_*

Context: Both in hub and QMC

((resource.objectType="sheet" and resource.published ="true" and resource.name like "work_*" and (user.@nprintuser="sheethide"

or user.roles="RootAdmin" )) or (resource.resourcetype = "App.Object"

and resource.published = "true"

and resource.objectType != "app_appscript"

and resource.objectType="sheet"

and !((resource.name like "work_*") ))

or (resource.published ="true" and resource.objectType!="sheet")) and resource.app.stream.HasPrivilege("read")

Rule 3:

Custom template : App access

Name: Custom-Apps-Exception

Description: Allow users to see apps with exception properties if they also have the same exception properties at the user level.

Actions: Read

Resource filter: Edit the Resource filter App_* as App*

Conditions:

resource.stream.hasprivilege("read") and ((user.@AppLevelRestrict=resource.@AppLevelRestrict))

Context: Both in hub and QMC

5. Set AppLevelRestrict custom property to Apps

6. to hide sheet - change the sheet name and sheet name must start to work_

Thanks,

Sasikumar

To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

QlikSense Admin - Access on Stream level

qliksense administration

Stream level access