Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Live today at 11 AM ET. Get your questions about Qlik Connect answered, or just listen in. SIGN UP NOW
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2015-04-30 07:21 PM

Security Access to Specific App Objects

Hello,

I am currently exploring the security rule section of the QMC, and I am having trouble with App Object Access Rules. I was curious as to

1) Whether it was possible to create a rule allowing access to a specific sheet or bookmark? If so how am I able to identify that specific object in the advanced security rule?

2) How do I create a Security Rule that states only people of a specific group can create Sheets. (essentially the problem I have is how do I refer to all sheets)

Thanks

13,069 Views
12 Replies
OmarBenSalem
MVP
MVP
‎2016-11-28 05:36 AM

In response to

Hi Jeffrey,

Thanks for the reply, it was a great video !
I followed every step and all went good BUT, with the new customised security rules, I can control the which app is showed depending on your custom property BUT when I open an Application, It appears as if it is Empty :

Capture.PNG

Here are the 2 security rules as configured by Marcus:

1) AppAccess:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and

resource.@AppLevelManagement.empty())

or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.app.stream.HasPrivilege("read"))

2)AppAccessException :

resource.stream.HasPrivilege("read") and ((user.@AppLevelManagement=resource.@AppLevelManagement))

With those 2 rules, I can manage which user can view which app(s), but the apps are EMPTY.

Now If I go back to the original security rule which permits every user to see every app in the stream if they are authorized to view the stream (the rule is called Stream), I notice that there is a line like this:

resource.objectType != "app_appscript" and resource.objectType != "loadmodel"

I tried to change my new customised rule and add that line:

But still, the app is empty:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and

resource.@AppLevelManagement.empty())

or ((resource.resourcetype = "App.Object" and resource.published ="true"

and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

and resource.app.stream.HasPrivilege("read"))

I can't figure out what's happening, can you help please? Or tag Marcus to do so? Thanks !

568 Views
0 Likes
OmarBenSalem
MVP
MVP
‎2016-11-28 06:50 AM

In response to OmarBenSalem

I just added App.Object_* as a ressource filter.

with on only App_* as a resource filter, we can't see any sheet !

with App_*,App.Object_* or App* as a resource filter we can see the sheet.

Originally, when we select as a template for building our rule 'app access', the default resource filter is App_*

With App_* as a resource filter, you won't be able to see the sheets

568 Views
0 Likes
zssmith1
Partner - Contributor
Partner - Contributor
‎2017-02-08 10:36 AM

In response to

Hi, the links from your post are not working, they are posted below, can you fix?  Thanks,

Reference to security rules here with samples: http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG...

Here is another that answers your #2 question: http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG...

568 Views
0 Likes