Discussion board where members can get started with Qlik Sense.
I am trying to find a way to write a rule that would only allow Root Admins the ability to Create New Master Items. I want my normal users to be able to use these master items, but not create any.
How do I reference the master item in the Advanced security rules?
Great question, and I wish I had the answer. It appears that if you are giving users the ability to create new apps, they also get the ability to create master items, but I too have not found a way to disable that without disabling the ability to create apps.
That is a good question. Kris is correct, ContentAdmin roles for example and other non-roles can create new apps in their My Work stream - they can as you have seen can create Master Items too. Let me see if my colleague jog can provide any input? - Jeff?
By default, a user of a published app does not have access to create, update, or delete master items if they are not a content admin.
That said, on unpublished applications the owner is able to create master items for their apps before they have been published.
If you want root admins to have the ability to do the same as content admins, check out the rule named ContentAdmin. You can modify it by changing the Condition from ContentAdmin to RootAdmin. However, I recommend disabling the built in rule and creating your own version that mirrors it.
If you want to disable app creation, take a look at this video on Security rules. SenseSecurityRules.mp4 - Google Drive
How we can manage Master Items read permission within security rule?
I need to know because applying a security rule as below the users can't see Master Items anymore.
((user.userDirectory="SF" and resource.app.name="Sales analysis" and resource.name="CRM") and (resource.objectType="measure" or resource.objectType="sheet"))
Can you help me?
Hi Donish / Andrea / Pablo,
I had similar requirement to create a user role such that user should not be able to create Master Dimension/Measure/Visualization but should be able to create sheets, bookmarks and stories.
Following is what worked for me.
Stream and App level Security rules will only have READ access (in Actions check boxes while creating security rule)
For App Object Rule:
User Role = Dev_1 ( will be Root Admin in your instance)
P.S. I have separate rule for providing access to bookmarks and stories.
Hope this works for you.