Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
i would like to change the security settings in QlikSenseServer to give a specific usergroup or for example root and content admins the access on the datamodel in published apps.
Does anyone know how to do this or has already implemented this?
I know that by general this is not intended by the security settings of Qlik but i think this would be a big benefit in understanding the database when using an app which is not yours. The way to duplicate the app and then take a look at the datamodel is no option.
Thanks
Hi Tobi,
to let Users see the Datamodel in published apps, you have to create a user role f.e. "DataModelReader" by creating the following security role:
Recource filter: App_*
Actions: read, update (!!!)
Condition: user.role="DataModelReader"
Context: Both in Hub and QMC (!!!)
Now you have a new user role called "DataModelReader" which you can grant to your users.
Users having that role can see the the link to the data model and to the script. They can open the data model viewer and will see the data model but can not safe any changes.
They can also open the script editor, but they will not see any code -except the standard variable definitions- and they can not safe any changes in the script.
For we already talked to each other and tried that solution, I know this helps
Regards
Sabine
I dnt think it is possible.. Try if you csn find anything in security rules in QMC
Thanks for your reply.
In some of the security rules is mentioned the "App_Appscript" and the "Loadmodel".
This rule is actually given specific users the access to read the specified app-objects. But the Loadmodel and the appscript are explicitly negated. Anyway, removing this part doesnt give the access on the loadmodel.
(resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark")
and user.group like "*dev" and (resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")
Any other ideas?
Rather than changing the security rules, I would suggest you to deploy the data model app in their my work area.
So i should duplicate an app and locate it to each user? This would imply that for example if you change something in the datamodel you need to change the 100 duplicates of this app, or do i not understand you properly?
If I do this seems not viable to me.
A quick but not perfect solution could be to add a picture of the ddata model in an app sheet.
It is not optimal, but it will give your users a feel for the data.
Thanks vegar.lie.arntsen for your idea. I will keep this in mind as an quick overview for some cases, but of course it would be nice to use the full model with all these worthy informations.
It's a great question. If you have 100+ users , This is not a right solution.
If your intended audiences are developers and need only for few of them you can go for it. Otherwise add as picture inside story is appropriate place.
I found a solution in an other thread:
Re: can't see a peer's data load editor scripts
That means, you only have to change the content admin security rule to work in "hub and qmc".
Works fine for me, tested in QS 3.1.1.
It still has some sideeffects, as for now i can see ALL apps in "my work", but i guess all of this is managable with some more accurate securtiy rules.
Hi Tobi,
to let Users see the Datamodel in published apps, you have to create a user role f.e. "DataModelReader" by creating the following security role:
Recource filter: App_*
Actions: read, update (!!!)
Condition: user.role="DataModelReader"
Context: Both in Hub and QMC (!!!)
Now you have a new user role called "DataModelReader" which you can grant to your users.
Users having that role can see the the link to the data model and to the script. They can open the data model viewer and will see the data model but can not safe any changes.
They can also open the script editor, but they will not see any code -except the standard variable definitions- and they can not safe any changes in the script.
For we already talked to each other and tried that solution, I know this helps
Regards
Sabine