Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
roisolberg
Creator
Creator

Sheet level security not working

Hi All,

I've created some security rules for the stream and apps successfully.

i have defined which users can see which streams and also which apps inside the stream.

now i am trying to create sheet level security so the user can only see one of the sheets.

I've tried to do so using a few different manuals such as:

https://community.qlik.com/t5/Qlik-Sense-Enterprise-Documents/Sheet-or-App-Object-Level-Security-Qli... 

https://community.qlik.com/t5/Qlik-Sense-Deployment-Management/Sheet-Level-Access-with-Custom-Proper... 

and more..

 

The rule that i have defined is supposed to give access to the user 'Brain Paul' for only 1 sheet "R&D Projects" in 1 app.

The rule:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(user.name="Brian Paul" and resource.objectType="sheet" and resource.name="R&D Projects")

))

 

the rules seems fine and it has been validated and when i press preview this is what i get:

clipboard_image_0.png

 

but when i enter the model with Brian's user i can see all of the sheets.

 

any ideas?

 

Thanks,

Roi

 

Labels (4)
1 Solution

Accepted Solutions
roisolberg
Creator
Creator
Author

Solved.

i've added and (resource.objecttype!="sheet" )  to my custom stream rule,

 

then created a new custom property of UserFilter and created 2 new security rules for app*:

1)

((resource.resourcetype="App.object" and resource.published="true") and resource.app.stream.hasprivilege("read") and resource.objecttype="sheet" ) and (resource.name="R&D Projects" ) and (user.@UserFilter="RnD")

 

2)

((user.@UserFilter="None")) and resource.published ="true"

 

of course i gave the desired users the correct filter and now it works.

View solution in original post

5 Replies
roisolberg
Creator
Creator
Author

Solved.

i've added and (resource.objecttype!="sheet" )  to my custom stream rule,

 

then created a new custom property of UserFilter and created 2 new security rules for app*:

1)

((resource.resourcetype="App.object" and resource.published="true") and resource.app.stream.hasprivilege("read") and resource.objecttype="sheet" ) and (resource.name="R&D Projects" ) and (user.@UserFilter="RnD")

 

2)

((user.@UserFilter="None")) and resource.published ="true"

 

of course i gave the desired users the correct filter and now it works.

vegard_bakke
Partner - Creator III
Partner - Creator III

Hi Roisolberg,

 

Could you please post your Resource filer, Actions and full Conditions for you custom stream rule?

 

I'm trying to add the same condition to remove the sheet, but then my stream does not appear. So something is different, and I'd like to find out what. 🙂

 

 

roisolberg
Creator
Creator
Author

Hi @vegard_bakke ,

 

First, i've created 3 custom properties:

clipboard_image_0.png

Group (this will be used for stream level access)

ApplevelMgmt (this will be used for sheet level access)

UserFilter (this will be used for App level access)

then, i went to the security rules:

iv'e disabled the default stream rule,and set up a few new rules

1. create the rule that a group could see only the stream related to that group

clipboard_image_1.png

2. this is replacing the default steam rule (After modification)

clipboard_image_3.png

Condition - (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet" ))

 

3. this rule is used for filtering apps in streams

clipboard_image_5.png

 

4. this rule is used for filtering sheets in apps

clipboard_image_6.png

 

5. after rule number 4 i had a problem that every developer was seeing other developers app on the work stream so i made this last rule and it resolved the issue:

clipboard_image_7.png

 

Of course i assigned to the stream, users and apps the correct attributes according to my plan and this worked out great for me.

 

hope it will be the same for you, Good luck!

alis2063
Creator III
Creator III

what the difference between Point 1 & Point 2 then ?as both are replacing the by defalut Stream & Apps rule .

You mean to say that default rule take care of Stream  & Apps level at single instance using  single rule (default)??

Regards,

Ali

alis2063
Creator III
Creator III

does RULE  no 5 will affect the sheet level security??