Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

Announcements
Qlik® Product Spotlight: Discover what’s possible. Get more from our products.
See for yourself. Register today.
Not applicable

All app object access except sheets

I am trying to set up a security rule so that the users can have access to all app objects except sheets. Further, users should only be able to see bookmarks, stories etc.created by themselves and should not see the bookmarks, stories etc. created by other users.

I have been trying the following:

Resource filter: App.Object_*

Actions: Create, Read

Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate"  or ((resource.objectType = "story" and story.owner=user) or (resource.objectType ="bookmark" and bookmark.owner=user) or resource.objectType = "snapshot"  or  resource.objectType = "embeddedsnapshot"  or resource.objectType = "hiddenbookmark")) and !user.IsAnonymous()

But this rule removes the capability of Users to create book marks, stories etc.

Can anyone point out where i am going wrong?

6 Replies
rohitk1609
Not applicable

Re: All app object access except sheets

Hi Ashutosh,

What you need to do just restrict Sheet in security rule , Donot add any rule for what you want to show to your concern user because by default user can see everything , Security rules are here for restrict objects from a user .

Not applicable

Re: All app object  access except sheets

That is the requirement.

If you see the security rule closely, I have tried to pin the ownership of app objects (bookmarks, stories, etc) to the corresponding user, but its not working -- Am I missing something?

rohitk1609
Not applicable

Re: All app object  access except sheets

Hi Ashutosh,

As you have created your security rule , you are trying to grant the access of story , book mark to user but what you need to do , try to restrict user to sheets only , by default rest of the object like bookmarks can be accessible to your user. 

Not applicable

Re: All app object  access except sheets

I understand what you mean. But the point is, I want the users to create stories, bookmarks etc. (but not sheets) -- so if I provide "Read" access to Sheets, it will only provide read access to bookmarks, stories etc. But they will not be able to create bookmarks, stories etc.

Not applicable

Re: All app object  access except sheets

Thanks Rohit for you help.

Was able to create the rule as below to have users create app objects (except sheets), and the users should not be able to see app objects (bookmarks, stories etc.) created by other users).

Should be useful for anyone looking for such a requirement.

Resource Filter: App.Object_*

Actions: Create

Condition: !resource.App.stream.Empty() and (resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous()

rohitk1609
Not applicable

Re: All app object  access except sheets

Hi Ashutosh,

What if you provide Create Access too ?