Professional users can edit "public sheets" in pub... - Qlik Community

EliGohar · ‎2024-07-14

Hi,

We are in the process of moving to a new version of Qlik (May 2024), Currently have the May 2022 version.
In the previous version - when a professional user opened a published application (from everyone stream) - he could not directly edit public sheets but click on the duplicate button and work on a copy.

When we upgraded to May 2024, we discovered a gap - a professional user can edit such sheets directly.
We want to prevent this.

I would appreciate your help.

Attached is the current security rule:

Thank you!

Or · ‎2024-07-14

Hi Eli,

Are you sure this is the right rule? It looks like this one only applies to Create, which means it shouldn't impact the ability to edit existing objects. Perhaps there is another rule in play?

If you've confirmed that this is the problematic rule, it looks to me like it might be a bug, in which case, you'll want to file it with Support.

TcnCunha_M · ‎2024-07-17

Try:

(!resource.App.stream.Empty()
and resource.App.HasPrivilege("read")
and (resource.objectType = "userstate"
or resource.objectType = "story"
or resource.objectType = "bookmark"
or resource.objectType = "snapshot"
or resource.objectType = "embeddedsnapshot"
or resource.objectType = "hiddenbookmark")
and !user.IsAnonymous())

As you think, so shall you become.

Professional users can edit "public sheets" in published application

General Question

Security

Security & Governance