We're running a multi-node site v 2.2.3+Build:37release/ms15
We've got developers who own the apps, streams and app objects. They have the authority to publish and delete what they own via security rules...
Yet, when they try to publish and replace, it throws an error to the developer like this: "The operation failed due to insufficient privileges"
In the log it shows this:
Republish app | 403 | Forbidden (HTTP code: 403) |
Yet the rules audit shows that they can publish and delete...
Anyone seen this before?
Result is the same. Maybe it is because the Context is "Both in hub and QMC"
Ok that's what it should be. I'm kind of at a loss.
Today I cured an issue where everything looked great in the audit, but still the user could not replace...
Then I went into the rule and reselected the group from the list of values rather than typing it in. Which seemingly did nothing because I could not save the rule. Then I changed the description of the rule thinking it would reinitialize the rule. And it worked. My test user was then able to replace.
I use AD groups for security.
Please try this:
Resource Filter: App*
Actions: Read, Update, Publish
Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin"))
Context: QMC
Thanks! Duplicate and republish works. Next exercise is to limit access to one proper stream and this is not working anymore.
Ok, I do that in separate rules that look like this for example. You're going to need separate roles or AD groups by stream. We call these roles (AD groups) Community Developers. If I wasn't using AD groups, I'd use custom properties rather than roles. Just seems easier to set up. But here's what it looks like for one of our streams for example. It makes no sense to me why I'd need a separate global publish and replace rule, but I do. If you ever want to have a webex so I can help, let me know.
Name: Security rule for access to "Service Community"
Description: Rule for read only access to the Service Community Stream
Actions: Read
Resource Filter: Stream_*
Conditions: ((user.group="Qlik Sense Service Community" and resource.name="Service Community"))
Context: Only in Hub
Name: Security rule for Community Developers and Contributor access to "Service Community"
Description: Rule for Community Developers & Sr Community Developers & Contributors access to Service Community Stream
Actions: Create, Read, Publish, Export Data
Resource Filter: Stream_*,App*
Conditions: ((user.group="Qlik Community Developers") or (user.group="Qlik Sr Community Developers") or (user.group="Qlik Contributor")) and ((user.group="Qlik Sense Service Community")) and ((resource.resourcetype="Stream" and resource.name="Service Community") or (resource.resourcetype="App" and resource.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="sheet" and resource.owner.name=user.name and resource.app.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="story" and resource.owner.name=user.name and resource.app.stream.name="Service Community"))
Context: Both in hub and QMC
Hi Stephen,
I am also facing the same issue on replacing apps, and even after doing the below I am not able to make it work.
Resource Filter: App*
Actions: Read, Update, Publish
Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin"))
Context: QMC
Any further suggestions?
Hello Pushpit,
Couple questions:
1. Does the user role "test_StreamAdmin" exist in your environment?
2. Does this role have read access to the Stream that contains the app you're trying to replace?
Thanks,
Steve
Hi Stephen,
Thanks for responding. The role I have is powerusers. And yes, the members of the role have read access to the stream containing the app.
So your rule should look like this:
Name: PublishReplaceApp
Resource Filter: App*
Actions: Read, Update, Publish
Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="powerusers"))
Context: QMC
Yes, that's exactly what I've done.