Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

aliazizi
Contributor

Limiting access to apps in the Work folder of Qlik Sense

Hi

I've configured access to each stream and different user groups have access only to their own stream and apps. But in the Work folder everybody is able to view all apps, also those belonging to other streams, both published and unpublished apps.

How can I fix it so everybody only views the apps belonging to her/his own stream.

Appreciate any help

5 Replies
rittermd
Honored Contributor

Re: Limiting access to apps in the Work folder of Qlik Sense

That is a security rule issue.  I had this same issue some time ago.  Unfortunately I don't remember which rule it was.

But it is an easy fix once you find the correct rule to change.  I will see if I can figure it out again.

aliazizi
Contributor

Re: Limiting access to apps in the Work folder of Qlik Sense

Hi Mark
Thank you for your response. I'm aware of this is a security rule issue. I've created a rule for each stream that gives users access to the concerned stream. The resource for the stream is defined as:

STREAMNAME, App_*, Aoo.Object_*

so each user only can view a specified stream and apps inside it, but the user at the same time can view all other apps in the "Work" folder. This is my problem I need to resolve.

Appreciate your help.

agigliotti
Honored Contributor II

Re: Limiting access to apps in the Work folder of Qlik Sense

I suggest you to do a security rules tuning with "Audit" under "Manage Resources".

It's very useful to quickly understand which are the security rules involved.

rittermd
Honored Contributor

Re: Limiting access to apps in the Work folder of Qlik Sense

You might want to consider using Custom Properties and a single security rule to control who can access each stream or streams. 

If you create a rule for each stream it can get messy and you have many rules to monitor and update.

aliazizi
Contributor

Re: Limiting access to apps in the Work folder of Qlik Sense

Shouldn't the following script limit access to the unpublished apps to the Developer group (*_Dev_Group)?

Means each developer has access and view right to unpublished apps belonging to his own group

(user.group like "*_Dev_Group") and

(resource.resourcetype="App" and resource.App.stream.Empty()) and

(resource.IsOwned() and resource.owner.group = user.group)

*_Dev_Group are AD groups.

Community Browser