Qlik Community

New to Qlik Sense

Discussion board where members can get started with Qlik Sense.

mohan_1105
Contributor III

Sheet Level Section Access isn't working

Hello Qliker's,

I'm trying to implement the sheet level section access to the application published on our client server. I created the security rule having the logic sheets name like "ZSM" shall only be displayed to the certain group and other shall view the sheets which doesn't have the sheet name like "ZSM".

I applied the following rule which isn't successful. Please review my security rule below,

((resource.id="App ID") and (user.@User_Type="Restricted User" and resource.name like "ZSM") or (user.@User_Type="Users" or resource.name!="Customer Analysis - ZSM" and resource.name!="Customer Details - ZSM" and resource.name!="Dashboard - ZSM" and resource.name!="Order Analysis - ZSM" and resource.name!="Target Analysis - ZSM"))

Please help, kindly help if I should follow any other steps in security rule.

Best Regards,

Mohan

Tags (2)
1 Solution

Accepted Solutions
suhasinigm
New Contributor III

Re: Sheet Level Section Access isn't working

Hi Mohan,

I think U have created only one Custom Property User_Type?.

1. Create a Custom Property User_Type with User and Stream as resource type.

and values will be Restricted_User and Unrestriceted_User.


Stream level User Access Rule will be:

((user.@User_Type=resource.@User_Type)).

2.Then Create a Custom Property AppLevelManagement with User and App as Resource Type.

and values will be Restricted and Unrestriceted.


First Disable the Default stream Rule ,then create new security rule for App.

((user.@AppLevelManagment=resource.@AppLevelManagment)).

Please make sure for users,streams and applications associated with the respective custom property.



,2018-02-10 13_39_35-Greenshot.png

26 Replies
Luminary
Luminary

Re: Sheet Level Section Access isn't working

Did you disable the rule that gives access to the sheet if you have access to the stream?

Remember that Qlik is a positive security system: once you have access you have access...

Below a way to do it. There are other ways:

How to disable the generic rule:

1.Go on the QMC

2.Open the Security Rules section in the QMC.

3.Select the default generic rule called Stream. As explained before, this rule allows users to access all Streams.

4.After selecting this rule, tick the case “Disabled”.



UnRestrictedclient:


((resource.resourcetype = "App“and resource.stream.HasPrivilege("read"))

or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")

and resource.app.stream.HasPrivilege("read")))

and user.userDirectory != “RESTRICTEDCLIENT"

RestrictedClient:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “RESTRICTEDSHEET") and user.userDirectory = “RESTRICTEDCLIENT")

Kind Regards,

mohan_1105
Contributor III

Re: Sheet Level Section Access isn't working

Hi Dion,

Thanks for your time.


I recreated the rule as you suggested in RestrictedClient. The rule is working as expected. But I the restricted user couldn't able to view the charts which are on the dashboard already.


Also, Kindly verify my Resource filter and Actions shown below.


Capture.JPG


Below is the rule I wrote as suggested. 


(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

or

((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name LIKE*ZSM") and user.@User_Type="Restricted User")

or

((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name !=*ZSM") and user.@User_Type="User")


Best Regards,

Mohan

suhasinigm
New Contributor III

Re: Sheet Level Section Access isn't working

Hi Mohan,

I also faced the same issue ,

Inst-ed of writing 3 rules i wrote the below two separate rules for two groups :

Sheet Level:

Rule1: DomianGroup

Resource Filter:App.Object_*

((user.@Group="Domain" and resource.name="ZSM"))


Rule2: GlobalGroup

Resource Filter:App.Object_*

((user.@Group="Global" and resource.name!="ZSM"))


I hope it will solve your problem.

mohan_1105
Contributor III

Re: Sheet Level Section Access isn't working

Hi Suhasini,

I disabled all the rules I created before for sheet level access and created the rule as you suggested. I wouldn't able to find the application in the stream.

Could you suggest what can be done after?

suhasinigm
New Contributor III

Re: Sheet Level Section Access isn't working

Hi Mohan ,

Is  Application level Management working correct?,

have you assigned the  application level custom property to Users.

mohan_1105
Contributor III

Re: Sheet Level Section Access isn't working

Hi,

Yeah, I have assigned the custom properties to all the users allocated.

Just the clarification, in the rule, you mentioned user.@Group is the customer prroperty you were mentioning right?

suhasinigm
New Contributor III

Re: Sheet Level Section Access isn't working

Hi Mohan,

Group is a custom property with User and stream resource type.

mohan_1105
Contributor III

Re: Sheet Level Section Access isn't working

Hi,

Could you tell me, how do I check the app level management is working?

suhasinigm
New Contributor III

Re: Sheet Level Section Access isn't working

Hi Mohan,

please refer this post till 9th step for Application Level Management.

Sheet or App Object Level Security Qlik Sense

Community Browser