Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
hlines_usacs
Creator II
Creator II

Hide a chart for a specific AD group

Hello,

I want to hide a chart on a sheet when the user is a member of a specific Active Directory group.

Is this possible in version 3.2.4? If yes, what is the best way to implement?

 

If not, what version do I need?

Thanks!

1 Solution

Accepted Solutions
hlines_usacs
Creator II
Creator II
Author

We ended up doing a few things to solve this issue.

1. We upgraded to the most recent version.

2. I made a duplicate of the sheet that has the charts we want to show or hide based on the AD group. One sheet has 4 charts, and the other has 2. The second sheet has an extra space in the sheet name in order to differentiate.

3. We disabled the default STREAM security rule, but added a rule for each of the streams. These new security rules were copies of the default, but a filter added for the stream it was for.

4. We added a new security rule and used the conditions below. "Production" is the name of the stream, AD Group does not see "SheetA", and AD Group Limited does not see "Sheet A" (space between sheet and A).

Conditions for security rule:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")) and (resource.stream.name="Production" or resource.app.stream.name="Production") and

(resource.objectType != "sheet" or resource.name != "SheetA" or user.group="AD Group") and

(resource.objectType != "sheet" or resource.name != "Sheet A" or user.group="AD Group Limited")

View solution in original post

10 Replies
Digvijay_Singh

I don't think you can hide a chart based on Group but you can hide dimensions used by the chart using Section access OMIT feature. The side effect is all the chart using these OMIT dimensions for a group will not render.

If the group field is available somehow in data model, may be in chart calculation condition it can be used to stop chart calculation.

hlines_usacs
Creator II
Creator II
Author

I would prefer not to use the OMIT feature.

Is it possible to hide a specific sheet?

jonathandienst
Partner - Champion III
Partner - Champion III

Not for an AD group. You can use a conditional with OSUser() to get the users's login name, but there is no way to get to the AD group short of using section access.  Perhaps you could create an island flag field and select 1 or 0 using section access and then use the value of the flag to conditionally show/hide the sheet. i have not tested this personally.

Logic will get you from a to b. Imagination will take you everywhere. - A Einstein
hlines_usacs
Creator II
Creator II
Author

Thanks. How would you use Section Access to hide a sheet from an AD group? We have our AD groups loaded and refreshed on a schedule.

pawwy1415
Creator III
Creator III

Hi,

You can achieve this by security rules in QMC.

Please refer this BLOG, It has detail level of information how to achieve Sheet and App Object level security rules:

Sheet or App Object Level Security Qlik Sense

hlines_usacs
Creator II
Creator II
Author

Thanks! Yes - I found that article.  As I was reading through the beginning, it starts from scratch by installing Qlik Sense. Step number 4.1 says to disable the default STREAM security rule. I am not starting from a brand new install. I already have multiple streams and apps in production that users are using. If I disable this STREAM security rule, does it affect my other streams? If so, how does it affect them?

pawwy1415
Creator III
Creator III

Hi,

Long back i have worked on this sheet level section access. That time we have disabled the default  stream rule first then to Keep the Existing Stream Rule functionality, in addition, to adding sheet level section access Created one more Customized Stream rule like below.


This rule substitutes the default 'Stream' security rule with an exemption of Apps where SheetLevelSecurity is ON means created one custom property with SheetLevelSecurity  and given the value as ON. Next applied this ON value to the apps where this default rule need to avoid.


For avoiding sheets given description as APP_RESTRICTED


Name: CUSTOM_STREAM_ACCESS

Resource Filter: App*

Action: Read

Condition:

(resource.resourcetype = "App” and resource.@SheetLevelSecurity != "ON"and resource.stream.HasPrivilege("read"))

or

((resource.resourcetype = "App.Object" and resource.published = "true" and resource.objectType != "app_appscript"

and resource.objectType != "loadmodel" and (resource.description != "APP_RESTRICTED"))

and resource.app.stream.HasPrivilege("read"))

               Context: Both in hub and QMC

hlines_usacs
Creator II
Creator II
Author

How did you define the SheetLevelSecurity custom property? I don't currently have any custom properties, so if I wanted to create one for SheetLevelSecurity, how would I do that?

pawwy1415
Creator III
Creator III

Hi,

We have to create the custom property as per our use case.

  1. Log into QMC and navigate to Custom Properties section
  2. Click on ‘Create new’
  3. Enter name i.e. ‘SheetLevelSecurity‘ with Apps as Resource Type and Corresponding values for example ON/OFF.
  4. Click on Apply
  5. Then assign this Custom property Sheet Level Security = ON to your section access app in the APPs tab so as per the custom stream rule it will exclude this particular app from the default functionality.


custom property.png

6. One more thing is on which sheet we have to apply the section access for that sheet add APP_RESTRICTED under Description like below.

APP_rESTRICTED.png

So as per the below rule in the app which contains SheetLevelSecurity = "ON" and sheet description has APP_RESTRICTED those sheets will hide.


Name: CUSTOM_STREAM_ACCESS

Resource Filter: App*

Action: Read

Condition:

(resource.resourcetype = "App” and resource.@SheetLevelSecurity != "ON"and resource.stream.HasPrivilege("read"))

or

((resource.resourcetype = "App.Object" and resource.published = "true" and resource.objectType != "app_appscript"

and resource.objectType != "loadmodel" and (resource.description != "APP_RESTRICTED"))

and resource.app.stream.HasPrivilege("read"))

               Context: Both in hub and QMC