Two security rules where each rule grants "export ... - Qlik Community

mwallman · ‎2019-08-16

Hello all,

Is it possible to have two security rules where each rule grants "export data" capability to specific streams?

For example, we have to streams:

Monitoring apps
Everyone stream

Currently, we have disabled the ExportAppData security rule and created a custom rule where it provides export data capability on the Monitoring Apps stream where the user has read permissions.

The rule reads like this:

((resource.stream.name="Montoring apps") and resource.hasPrivelege("read"))

New requirement (possible new rule?)

We now have a rule where from the whole population of users who have access to apps in the Everyone stream... some of them need to have export app data capability for the apps in the everyone stream.

So is it possible to have two rules, one like the original above, and another one where some users can export from apps in the Everyone stream?

Nicole-Smith · ‎2019-08-16

You could probably do it in the one rule if you wrote it something like this (using user.group as example--replace it with whatever determines this access for you):

(resource.stream.name="Montoring apps" and resource.hasPrivelege("read")) OR (resource.stream.name="Everyone" and resource.hasPrivelege("read") and user.group="EveryoneExport")

mwallman · ‎2019-08-22

This seems good!

Would having two different security rules also work?

Nicole-Smith · ‎2019-08-22

Because of the OR condition, I believe you need to do it in one.

Two security rules where each rule grants "export data" capability to specific streams?