Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
simotrab
Creator III
Creator III
‎2018-01-11 04:30 AM

Security rules, problem

Hi community,

I'm facing the Security rules in Qlik Sense, and I'm not having the result I want.

I've read this

Sheet level Section Access in Qlik Sense ??

Qlik Sense Security Rule List (v1.1).pdf

and other sources, but I've some problem. Here my situation.

I've three level of user, a,b,c, and four streams, 1,2,3,4.

The users a can see 1,2,3,4 streams and all the apps in.

The users b can see 1,2,3 streams and all the apps in.

The users c can see 1 streams, all the apps in, but not a certain sheet.

I've worked this way:

In the custom properties I've set group as the level of the users, as a property of the users.

In the custom properties I've set apps as the name of the streams of the app, so each app of each streams, belongs to  the group of the app 1,2,3,4 namely as the stream.

Then I've disabled the Stream security rules, the rules that allow to see automatically resources if you are allowed to see the the stream.

I managed to create my security tules

- if you belong to the group a, you can see the stream 1,2,3,4. Type of the rule: stream

((resource.name="1" and resource.name="2" and resource.name="3" and resource.name="4" or user.@group="a"))

- if you belong to the group b, you can see the stream 1,2,3.Type of the rule: stream

((resource.name="1" or resource.name="2" or resource.name="3" )) and ((user.@gerarchia="b"))


- if you belong to the group c, you can see the stream 1.Type of the rule: stream

((resource.name="1" or user.@group="c"))

- if you belong to the group a, you can see the apps in the group 1,2,3,4.Type of the rule: app

((user.@group="a") or (resource.@apps="1" and resource.@apps="c2" and resource.@apps="3" and resource.@apps="4"))

- if you belong to the group b, you can see the apps in the group 1,2,3.Type of the rule: app

((user.@group="beta") or (resource.@apps="1" and resource.@apps="2" and resource.@apps="3"))


- if you belong to the group c, you can see the apps in the group 1.Type of the rule: app

((user.@group="c") and (resource.@apps="1"))


Till here, in the audit, everythings works fine. The problem is: all the users can see all the sheets in each app that are allowes to see, except the users c, whom cannot see sheetNO in the app 1.

I've tried something like:


((user.@group="c" and resource.name="sheetNO"))

((user.@group="c" and resource.name!="sheetNO"))


But it does not work. Also, all the other users have the READ in yellow: should I make explicit the read privilege of each sheet? Is there a workaround?

487 Views
0 Likes
0 Replies