Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

New Contributor

Restricting user access to specific sheets

I'm attempting to get sheet level security working.

I'm following this:

Sheet or App Object Level Security Qlik Sense

sort of...

I've disabled the default Streams rule, and created my own, which specifically excludes a user group based on a custom property.

When I view associated rules to the sheet in particular for a member of the group for whom I am attempting to restrict access, I see that the disabled rule is still associated, but when I edit it, the disabled check is still there.

My custom rule is the only other rule that shows up in the list of associated rules.

I am attempting to remove access to all sheets with the word 'Admin' in them. I've tried various permutations of resource.name Like, =, !=, "Admin*", etc etc.

I gave up, and am now attempting to restrict access to the TWO sheets that specifically exist.

I have created the rule for:


read is the only checked box


((user.@UserType="MyGroup") and (resource.name!="Admin: Issued Reward Details" or resource.name!="Admin: Issued Rewards Summary"))

Which I interpret to mean ALL app objects that are NOT these two named sheets, and it gives read access.

when I audit the rule, I still see that I can access these sheets. For good measure, I attempted to log in, and with a test user, I can still see the sheets that I should not be able to see.

Any guidance would be fantastic.

1 Reply

Re: Restricting user access to specific sheets


For this particular implementation this style of rule is working with success:

  • Disable Stream
  • New rule:
    • Name: Stream (Sheet Exception)
    • Filter: App*
    • Action: Read
    • Condition: (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and resource.name != "Exclusion Test")) and resource.app.stream.HasPrivilege("read")))
    • Context: Both

The bolded portion can be ported over to be customized or expanded (e.g. (resource.name != "1" and resource.name!="2"). The method of using a custom property will unfortunately not work since custom properties cannot be applied to app.objects. Likewise, there is no NOT LIKE operator so wildcards will not be able to be leveraged.