Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

Announcements
Coming your way, the Qlik Data Revolution Virtual Summit. October 27-29. REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Creator III
Creator III

Publish and REPLACE is not working for us

We're running a multi-node site v 2.2.3+Build:37release/ms15

We've got developers who own the apps, streams and app objects. They have the authority to publish and delete what they own via security rules...

Yet, when they try to publish and replace, it throws an error to the developer like this: "The operation failed due to insufficient privileges"

In the log it shows this:

Republish app403 Forbidden (HTTP code: 403)

Yet the rules audit show that they can publish and delete...

Anyone seen this before?

31 Replies
Highlighted
Creator II
Creator II

Result is the same. May be it is because the Context is "Both in hub and QMC"

Highlighted
Creator III
Creator III

Ok that's what it should be. I'm kind of at a loss.

Today I cured an issue where everything looked great in the audit, but still the user could not replace...

Then I went into the rule and reselected the group from the list of values rather then typing it in. Which seemingly did nothing because I could not save the rule. Then I change the description of the rule thinking it would reinitialize the rule.. And it worked. My test user was then able to replace.

I use AD groups for security.

Highlighted
Creator III
Creator III

Please try this:

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin))

Context: QMC

Highlighted
Creator II
Creator II

Thanks! Duplicate and republish works. Next exercise is to limit access to one proper stream and this is not working anymore

Highlighted
Creator III
Creator III

Ok, I do that in separate rules that look like this for example. You're going to need separate roles or AD groups by stream. We call these roles(AD groups); Community Developers. If I wasn't using AD groups, I'd use custom properties rather than roles. Just seems easier to set up. But here's what it looks like for one of our streams for example. It makes no sense to me why I'd need a separate global publish and replace rule, but I do.. If you ever want to have a webex so I can help, let me know

Name: Security rule for access to "Service Community"

Description: Rule for read only access to the Service Community Stream

Actions: Read

Resource Filter: Stream_*

Conditions: ((user.group="Qlik Sense Service Community" and resource.name="Service Community"))

Context: Only in Hub

Name: Security rule for Community Developers and Contributor access to "Service Community"

Description: Rule for Community Developers & Sr Community Developers & Contributors access to Service Community Stream

Actions: Create, Read, Publish, Export Data

Resource Filter: Stream_*,App*

Conditions: ((user.group="Qlik Community Developers") or (user.group="Qlik Sr Community Developers") or (user.group="Qlik Contributor")) and ((user.group="Qlik Sense Service Community")) and ((resource.resourcetype="Stream" and resource.name="Service Community") or (resource.resourcetype="App" and resource.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="sheet" and resource.owner.name=user.name and resource.app.stream.name="Service Community") or (resource.resourcetype="App.Object" and resource.objectType="story" and resource.owner.name=user.name and resource.app.stream.name="Service Community"))

Context: Both in hub and QMC

Highlighted
Not applicable

Hi Stephen,

Iam also facing the same issue on replacing apps and even after doing below iam not able to make it work..

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="test_StreamAdmin))

Context: QMC

any further suggestions...?

Highlighted
Creator III
Creator III

Hello Pushpit,

Couple questions:

1. Does the user role "test_StreamAdmin" exist in your environment?

2. Doe this role have read access to the Stream that contains the app you're trying to replace?

Thanks,

Steve

Highlighted
Not applicable

Hi Stephen,

Thanks for responding. the role i have is powerusers. and yes the members of the role have read access to the stream containing the app.

Highlighted
Creator III
Creator III

So your rule should look like this:

Name: PublishReplaceApp

Resource Filter: App*

Actions: Read, Update, Publish

Conditions: ((resource.IsOwned() and resource.owner = user) and (user.roles="powerusers"))

Context: QMC

Highlighted
Not applicable

Yes, that's exactly what i've done