Hi Roisolberg,

Could you please post your Resource filer, Actions and full Conditions for you custom stream rule?

I'm trying to add the same condition to remove the sheet, but then my stream does not appear. So something is different, and I'd like to find out what. 🙂

Hi @vegard_bakke ,

First, i've created 3 custom properties:

Group (this will be used for stream level access)

ApplevelMgmt (this will be used for sheet level access)

UserFilter (this will be used for App level access)

then, i went to the security rules:

iv'e disabled the default stream rule,and set up a few new rules

1. create the rule that a group could see only the stream related to that group

2. this is replacing the default steam rule (After modification)

Condition - (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.objecttype!="sheet" ))

3. this rule is used for filtering apps in streams

4. this rule is used for filtering sheets in apps

5. after rule number 4 i had a problem that every developer was seeing other developers app on the work stream so i made this last rule and it resolved the issue:

Of course i assigned to the stream, users and apps the correct attributes according to my plan and this worked out great for me.

hope it will be the same for you, Good luck!

what the difference between Point 1 & Point 2 then ?as both are replacing the by defalut Stream & Apps rule .

You mean to say that default rule take care of Stream  & Apps level at single instance using  single rule (default)??

Regards,

Ali

does RULE  no 5 will affect the sheet level security??