Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello Qliker's,
I'm trying to implement the sheet level section access to the application published on our client server. I created the security rule having the logic sheets name like "ZSM" shall only be displayed to the certain group and other shall view the sheets which doesn't have the sheet name like "ZSM".
I applied the following rule which isn't successful. Please review my security rule below,
((resource.id="App ID") and (user.@User_Type="Restricted User" and resource.name like "ZSM") or (user.@User_Type="Users" or resource.name!="Customer Analysis - ZSM" and resource.name!="Customer Details - ZSM" and resource.name!="Dashboard - ZSM" and resource.name!="Order Analysis - ZSM" and resource.name!="Target Analysis - ZSM"))
Please help, kindly help if I should follow any other steps in security rule.
Best Regards,
Mohan
Hi Mohan,
I think U have created only one Custom Property User_Type?.
1. Create a Custom Property User_Type with User and Stream as resource type.
and values will be Restricted_User and Unrestriceted_User.
Stream level User Access Rule will be:
((user.@User_Type=resource.@User_Type)).
2.Then Create a Custom Property AppLevelManagement with User and App as Resource Type.
and values will be Restricted and Unrestriceted.
First Disable the Default stream Rule ,then create new security rule for App.
((user.@AppLevelManagment=resource.@AppLevelManagment)).
Please make sure for users,streams and applications associated with the respective custom property.
,
Did you disable the rule that gives access to the sheet if you have access to the stream?
Remember that Qlik is a positive security system: once you have access you have access...
Below a way to do it. There are other ways:
How to disable the generic rule:
1.Go on the QMC
2.Open the Security Rules section in the QMC.
3.Select the default generic rule called Stream. As explained before, this rule allows users to access all Streams.
4.After selecting this rule, tick the case “Disabled”.
UnRestrictedclient:
((resource.resourcetype = "App“and resource.stream.HasPrivilege("read"))
or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")
and resource.app.stream.HasPrivilege("read")))
and user.userDirectory != “RESTRICTEDCLIENT"
RestrictedClient:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))
or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “RESTRICTEDSHEET") and user.userDirectory = “RESTRICTEDCLIENT")
Kind Regards,
Hi Dion,
Thanks for your time.
I recreated the rule as you suggested in RestrictedClient. The rule is working as expected. But I the restricted user couldn't able to view the charts which are on the dashboard already.
Also, Kindly verify my Resource filter and Actions shown below.
Below is the rule I wrote as suggested.
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))
or
((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name LIKE “*ZSM") and user.@User_Type="Restricted User")
or
((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “*ZSM") and user.@User_Type="User")
Best Regards,
Mohan
Hi Mohan,
I also faced the same issue ,
Inst-ed of writing 3 rules i wrote the below two separate rules for two groups :
Sheet Level:
Rule1: DomianGroup
Resource Filter:App.Object_*
((user.@Group="Domain" and resource.name="ZSM"))
Rule2: GlobalGroup
Resource Filter:App.Object_*
((user.@Group="Global" and resource.name!="ZSM"))
I hope it will solve your problem.
Hi Suhasini,
I disabled all the rules I created before for sheet level access and created the rule as you suggested. I wouldn't able to find the application in the stream.
Could you suggest what can be done after?
Hi Mohan ,
Is Application level Management working correct?,
have you assigned the application level custom property to Users.
Hi,
Yeah, I have assigned the custom properties to all the users allocated.
Just the clarification, in the rule, you mentioned user.@Group is the customer prroperty you were mentioning right?
Hi Mohan,
Group is a custom property with User and stream resource type.
Hi,
Could you tell me, how do I check the app level management is working?
Hi Mohan,
please refer this post till 9th step for Application Level Management.