Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

ryanfry_
New Contributor

Restricting user access to specific sheets

I'm attempting to get sheet level security working.

I'm following this:

Sheet or App Object Level Security Qlik Sense

sort of...

I've disabled the default Streams rule, and created my own, which specifically excludes a user group based on a custom property.

When I view associated rules to the sheet in particular for a member of the group for whom I am attempting to restrict access, I see that the disabled rule is still associated, but when I edit it, the disabled check is still there.

My custom rule is the only other rule that shows up in the list of associated rules.

I am attempting to remove access to all sheets with the word 'Admin' in them. I've tried various permutations of resource.name Like, =, !=, "Admin*", etc etc.

I gave up, and am now attempting to restrict access to the TWO sheets that specifically exist.

I have created the rule for:

App.Object_*

read is the only checked box

Conditions:

((user.@UserType="MyGroup") and (resource.name!="Admin: Issued Reward Details" or resource.name!="Admin: Issued Rewards Summary"))

Which I interpret to mean ALL app objects that are NOT these two named sheets, and it gives read access.

when I audit the rule, I still see that I can access these sheets. For good measure, I attempted to log in, and with a test user, I can still see the sheets that I should not be able to see.

Any guidance would be fantastic.

1 Reply
Employee
Employee

Re: Restricting user access to specific sheets

01135579.png

For this particular implementation this style of rule is working with success:

  • Disable Stream
  • New rule:
    • Name: Stream (Sheet Exception)
    • Filter: App*
    • Action: Read
    • Condition: (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and resource.name != "Exclusion Test")) and resource.app.stream.HasPrivilege("read")))
    • Context: Both

The bolded portion can be ported over to be customized or expanded (e.g. (resource.name != "1" and resource.name!="2"). The method of using a custom property will unfortunately not work since custom properties cannot be applied to app.objects. Likewise, there is no NOT LIKE operator so wildcards will not be able to be leveraged.