Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Customer & Partners, DEC. 9, 11 AM ET: Qlik Product & Strategy Roadmap Session: Data Analytics REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
deec
Creator
Creator

Security Rules - Access stream if have access to app

I was wondering if it is possible to let users only see streams they have an app in. Without having to maintain their stream access in another list. In other words, it should be one simple rule, not forcing me to maintain all streams listed somewhere.

I am importing users with attributes, which I can then tie to apps:

User: John (has a user attribute named "appAccess" with a value of "ABC")

App: ABC resides in the Sales stream

So I'd like to create a rule that allows John to see the Sales stream because he has access to the App inside.

The rule for app access is simple: Resources: Apps_* (user.appAccess=resource.Name)

I do not want another user to be able to see the Sales stream, unless they can see an app inside.

Thanks

Labels (2)
2 Replies
sasikumar
Partner
Partner

hi,
Did you create security rule for this ? let me know
if not i will test this scenario in my environment and ill update you
deec
Creator
Creator
Author

@sasikumar thanks for checking in. I was never able to successfully create a rule for Streams that takes into consideration whether the user has access to an app within that stream.

I think the problem stems from property lookup going up, not down. 

For example a Stream can be looked up by the app: app.Stream

But an App can't be referenced by the stream: Stream.app? Possibly because of the one-to-many relationship?


So for now, my users can see all streams. Even if there are no apps inside for them to see. Which is not ideal, but it beats having to manage their stream visibility via UDC user attributes.