Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Programatically assess whether user can access an app

Hi all,

is there an API method I can call that returns whether a user can access (security restrictions) an application?

Thanks,

Shane.

6 Replies
Not applicable
Author

I think the Security rule audit is what you are searching like this Let us know how you do.

Please mark the appropriate replies as helpful / correct so our team and other members know that your question(s) has been answered to your satisfaction.

Regards

Daniel Zanders

QlikSupport

Not applicable
Author

Thanks for that - I'll want to access this from an extension...

Do I (can I) just make a POST AJAX request to /qrs/systemrule/security/evaluatetransientresources?

I'm assuming it doesn't take any parameters. 

Thanks,

Shane.

ErikWetterberg

I'm not sure this is what you are after, but the getAppList() method in mashups API should only contain apps the user has access to.

Joe_Bickley
Employee
Employee

Hi Shane.

Depends on your aim, if you call /qrs/app and the request is made as the user itself then the returned apps are only those that the user can see, security rules are applied on API calls too. (this is a QRS API call but the engine call in Eriks post is similar but to a different API).  Getting nothing back would mean access to no apps.  Similarly you can post app ID to the end of the path for a single app.

Or are you trying to gather this data without the users login context? eg to get a list of what users can do to embed in an app or similar?

Joe

Not applicable
Author

Hi Joe,

based on what Erik has said, I should be ok.  If the list of apps is restricted based on what the current user can access, then my code has already been written!

Thank you,

Shane.

Not applicable
Author

If the response contains only apps the user has access to, I am happy.  It's exactly what I wanted.

Thanks,

Shane.