Solved: Re: help in security rule - Page 2 - Qlik Community

ali_hijazi · ‎2017-02-28

Hello

I'm working on Qlik sense 3.2

I need to accomplish the following:

I need to enable the Edit button on top right for only the users who got a specific value of a custom property

please advise

I can walk on water when it freezes

ali_hijazi · ‎2017-02-28

I don't understand what you wrote

I'm sorry

these security rules are so complicated and are making my life like hell

I can walk on water when it freezes

MK9885 · ‎2017-02-28

I gave access to 3 sheets for this user, you can add more than 1 though and you can uncheck publish in Actions and just read option checked.

In Template, select Create App Object Access

In resource Filter Select App.Object_*

ali_hijazi · ‎2017-02-28

this is not what I want
I want to enable the EDIT button only for users who got the value YES for a custom property called users_can_edit_content

I can walk on water when it freezes

MK9885 · ‎2017-02-28

Stream Level Access

((user.name="YOURUSERNAME" and resource.@users_can_edit_content="YES" ))

And check Create, Publish and Update

ali_hijazi · ‎2017-02-28

why do I have to select stream level access?

is the Edit button related to stream level access?

what do you mean by resource in this "script";

users are already assigned another custom property to access the stream that have the same custom property brims_access_type

let's forget about it

I quit

these security rules are hell

I can walk on water when it freezes

MK9885 · ‎2017-02-28

You want a user able to EDIT the app in hub without duplicating it and also publish it?

What actually you want? Please break it down with bullet points... Will try to help you more on this.

Want stream level or app level or sheet level?

What Custom property and value you have?

You doing individual user or adding users to group?

ali_hijazi · ‎2017-02-28

I have a published app

by default users can Edit a sheet ; Duplicate the sheet

I want this option to be available for ONLY users who got a custom property value YES

let's say the custom property is called user_can_edit_content

if I give the user this custom property value then enable the EDIT button

otherwise disable it

I can walk on water when it freezes

MK9885 · ‎2017-02-28

thank you, that's much easy to understand...
I'll see what I can do for your scenario and update it here.

OmarBenSalem · ‎2017-02-28

jog‌

Hi Jeffrey,

I'm currently trying to prevent all the users I have from editing or creating sheets in a published app !

Only the Administrator is able to do so;

Here's what I did :

I disabled a rule called: CreateAppObjectsPublishedApp

copied it and created a new rule :

filter : App.Object_*

create- update

rule:

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and user.name="Administrator"

But nothing happens, all of the users still can edit and create sheets in published apps.

what am I missing?

The same process could be applied on Ali's case; just replace the user.name by user@hiscustomproperty

Thank you,

MK9885 · ‎2017-02-28

So I've found answer to your question, after a long struggle...

1. Disable 'CreateAppObjectsPublishedApp' in security rule (which will disable Create for all users)

2. Create a New Security rule as following Image

When you Disable 'CreateAppObjectsPublishedApp' and 'Default Stream_*', other users will loose access to their apps and you'd need to create new rules for all other users/groups.

It worked for and it should work for you if you follow the above steps.