hewemel1
Partner - Contributor II

Security rule that allows only setting/removing values for a custom property of users

We use security rules that give users access to streams and apps based on a custom property 'access_class' on the users, streams, and apps: If, for this property, the values on a resource (stream or app) match the values on the user (value intersection is not empty), access is granted. Only problem: There are many users, and the root admin is the only one who can set property values for them.

Thus, we would like to define a new admin role UserPropertyAdmin for admins who can only set/remove property values on the users - not the properties on other resources, not other data of the user, and not defining/changing other existing or new properties (and optimally: setting/removing only values of the specific property 'access_class').

Does somebody have a hint for me on how to correctly set the resource filter and resource conditions? Or a hint to some kind of documentation for resources 'around' custom properties that I can target in a security rule?

(I have already re-read the respective sections of the help for Qlik Sense for administrators, and the page Collection of Specific Rule Scenarios and Customization of Qlik.)

Thanks in advance

1 Reply
Alan_Slaughter
Support

Hi Helmut, maybe this will help:


To define a custom security role with restricted permissions for managing user properties, you can follow these steps:

1. Create a new custom security role, for example "UserPropertyAdmin".
2. Grant this role the specific permissions needed to set and remove values for the "access_class" property on users.
3. Do not grant any additional permissions beyond managing the "access_class" property values for users.
4. Assign this "UserPropertyAdmin" role to the administrators who should have this restricted access.

This approach allows you to create a custom security role with the precise permissions needed, limiting administrators to only set or remove values for the specific "access_class" property on users. They will not have permissions to modify other user data or manage properties on other resources.