Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

App based security rule in qlik sense

Hi,

i have two apps and some AD goups into which users have been added. same user are part of multiple AD groups.

I have a scenario, where i want to give one AD group to create sheet, bookmark, publish sheets and all facilites under one app.

where as for the second app, i want to give this AD group without sheet creation permission.

which means they can create all other app ojects like bookmark , story and all.

I tried to use the below security rule, but it did not work.

please advise in which part i am doing wrong.

i have disabled the stantad create app object security rule in qmc.

also is it possible to restrict users to create a sheet but not capable of publishing that.

App1

================

Resource filter - App_05f36db7-22e7-4da2-9900-abcf8316a94c,App.Object_*

Condition -

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType != "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !(user.group="TEAM1")

App2

===============

Resource filter -  App_22e7-4da2-9900-abcf8316a95c,App.Object_*

Condition

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType != "sheet" or resource.objectType = "story" or resource.objectType != "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !(user.group="TEAM1")

3 Replies
Anonymous
Not applicable
Author

Hi,

Could you explain what they are seeing now?

Or what is it that is not working as per your expectations.

+ what do you want to do with 2 times "and !(user.group="TEAM1")"

Meaning that users should not be part of that group for both rules.

Not applicable
Author

actually i have two apps and access to this apps is based on AD groups.

i want to define security rule so that the same user.group = TEAM1 can have access below.

APP1

--------------

the users under TEAM1 AD group should can duplicate, edit sheets and can create stories and bookmarks

But for APP2, the same TEAM1 AD group should only have readonly access, no duplicate or edit, or create bookmark or anything.

Not applicable
Author

Hi,

We have to achieve this through Custom property.

Please view the full YouTube video using the below link:

https://www.youtube.com/watch?v=feSaaJZ7Jco


Please mark my comment helpful!