stvegerton
Creator III

Publish and REPLACE is not working for us

We're running a multi-node site v 2.2.3+Build:37release/ms15

We've got developers who own the apps, streams and app objects. They have the authority to publish and delete what they own via security rules...

Yet, when they try to publish and replace, it throws an error to the developer like this: "The operation failed due to insufficient privileges"

In the log it shows this:

Republish app403 Forbidden (HTTP code: 403)

Yet the rules audit shows that they can publish and delete...

Anyone seen this before?

31 Replies
Anonymous
Not applicable

Result is the same. Maybe it is because the Context is "Both in hub and QMC"

stvegerton
Creator III
Author

Ok that's what it should be. I'm kind of at a loss.

Today I cured an issue where everything looked great in the audit, but still the user could not replace...

Then I went into the rule and reselected the group from the list of values rather than typing it in. Which seemingly did nothing because I could not save the rule. Then I changed the description of the rule thinking it would reinitialize the rule. And it worked. My test user was then able to replace.

I use AD groups for security.

stvegerton
Creator III
Author

Please try this:

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin"))

Context: QMC

Anonymous
Not applicable

Thanks! Duplicate and republish works. Next exercise is to limit access to one proper stream and this is not working anymore.

stvegerton
Creator III
Author

Ok, I do that in separate rules that look like this for example. You're going to need separate roles or AD groups by stream. We call these roles (AD groups) Community Developers. If I wasn't using AD groups, I'd use custom properties rather than roles. Just seems easier to set up. But here's what it looks like for one of our streams for example. It makes no sense to me why I'd need a separate global publish and replace rule, but I do. If you ever want to have a WebEx so I can help, let me know.

Name: Security rule for access to "Service Community"

Description: Rule for read only access to the Service Community Stream

Actions: Read

Resource Filter: Stream_*

Conditions: ((user.group="Qlik Sense Service Community" and resource.name="Service Community"))

Context: Only in Hub

Name: Security rule for Community Developers and Contributor access to "Service Community"

Description: Rule for Community Developers & Sr Community Developers & Contributors access to Service Community Stream

Actions: Create, Read, Publish, Export Data

Resource Filter: Stream_*,App*

Conditions: ((user.group="Qlik Community Developers") or (user.group="Qlik Sr Community Developers") or (user.group="Qlik Contributor")) and ((user.group="Qlik Sense Service Community")) and ((resource.resourcetype="Stream" and resource.name="Service Community") or (resource.resourcetype="App" and resource.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="sheet" and resource.owner.name=user.name and resource.app.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="story" and resource.owner.name=user.name and resource.app.stream.name="Service Community"))

Context: Both in hub and QMC

Not applicable

Hi Stephen,

I am also facing the same issue on replacing apps, and even after doing the below I am not able to make it work.

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin"))

Context: QMC

Any further suggestions?

stvegerton
Creator III
Author

Hello Pushpit,

Couple questions:

1. Does the user role "test_StreamAdmin" exist in your environment?

2. Does this role have read access to the Stream that contains the app you're trying to replace?

Thanks,

Steve

Not applicable

Hi Stephen,

Thanks for responding. The role I have is powerusers. And yes, the members of the role have read access to the stream containing the app.

stvegerton
Creator III
Author

So your rule should look like this:

Name: PublishReplaceApp

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="powerusers"))

Context: QMC

Not applicable

Yes, that's exactly what I've done.