Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sridhar1
Contributor III
Contributor III
‎2018-09-17 12:32 PM

Sheet Level Security in QlikSense

Hi All,

We have requirement where certain set of users need to be restricted from accessing  particular sheets in a application.

I tired both the below process but none of them worked.

https://community.qlik.com/docs/DOC-18300

Sheet or App Object Level Security Qlik Sense

We have 10 sheets out of which 2 sheets need to restricted for set of user group.

If there are any alternative methods please let me know.

Really appreciate your help.

Thanks

15,053 Views
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎2018-09-20 03:01 AM

In response to sridhar1

Hi Sridhar,

I think in your case you are being overruled by the standard rules of Qlik Sense.

Forgot i did this….

I switched off some standard rules in Qlik Sense, en created some new ones with reduced rights.

i think the rules you need to evaluate are:

- CreateAppObjectsPublishedApp (If you have read rights on an published app you should be able to create sheets, stories, bookmarks and snapshots belonging to that app)

- CreateAppObjectsUnPublishedApp

     (If you have read rights on an unpublished app you should be able to create app objects belonging to that app)

I think these 2 standard rules are overruling the newly created one.

Try to evaluate these (don't change them, just copy them, adjust it, and disable the Original ones).

Regards Boycke

View solution in original post

15,623 Views
0 Likes
14 Replies
undergrinder
Specialist II
Specialist II
‎2018-09-18 02:53 AM

Hi Sridhar,

I didn't peruse the links, but I assume that contains only a workaround for sheet security, I don't think this kind of security exist in Sense.

I suggest you to create two application and publish to different streams according to the user groups.

If the reload would take too much time then you can extract and transforms the input data to qvd-s, and both application can reload from it much faster.

G.

13,424 Views
sridhar1
Contributor III
Contributor III
‎2018-09-18 09:34 AM
Author

In response to undergrinder

Hi Gabor,

I am OK with your solution and haven't tried it .But  Also I need have same stream name and application name so that users doesn't notice it as two different streams/apps.

Thinking about below option as well.

Option 2: Have Two Application in one stream and restrict application based on User group.

Thanks

13,424 Views
0 Likes
agigliotti
Partner - Champion
Partner - Champion
‎2018-09-18 09:47 AM

for your kind of request you should work with the security rules.

13,424 Views
0 Likes
benoitgochel
Contributor III
Contributor III
‎2018-09-18 09:53 AM

A security rule will work for preventing the access to a sheet but if this sheet contains some master items, the users will be able to create their own page and access it anyway, which is a big risk ...

13,433 Views
sridhar1
Contributor III
Contributor III
‎2018-09-18 09:59 AM
Author

In response to agigliotti

Hi Andrea,

I am looking for what security rules need to modified or created to restrict sheet level access. Can you please help me in defining the security rules.

Thanks

13,440 Views
0 Likes
sridhar1
Contributor III
Contributor III
‎2018-09-18 10:01 AM
Author

In response to benoitgochel

Hi Benoit,

I am looking for what security rules need to modified or created to restrict sheet level access.

Thanks

13,440 Views
Anonymous
Not applicable
‎2018-09-18 10:07 AM

I my case I created a "custom propertie" on users level (internal or external user).

then i created a security rule like this on "App.Object*" level with "read" rights:

(((user.@InternExtern = "Extern" and (resource.name like "*[$E]" or (resource.objectType="masterobject" or resource.objectType="LoadModel" or resource.objectType="measure" or resource.objectType="LoadModel" or resource.objectType="dimension"))))

So if you are a external user and the sheet has [$E] in its name, you can see it.

and for the internal user i used the same rule but with: resource.name like "*[$I]"

so everyone who is an external user can only see sheets with [$E] in the sheetname, and every internal user can only see the sheets with [$I] in the name.

works like a charm for me and my users. I use this with ALL my app's.

13,436 Views
0 Likes
chaudharybilal
Partner - Contributor III
Partner - Contributor III
‎2018-09-18 10:21 AM

In response to sridhar1

Hi Sridhar,

We've done something like this. Its just a workaround, and will require some manual work.

1. Create a custom property, Select User in "Resource Type.

2. Add Sheet name in values

3. Edit your users, you'll find your newly created custom property. Select the appropriate sheet names that you want the user to have access on.

4. Create a new security rule, and select "App.Object_*" in resource filter.

5. Add the following in the Advanced conditions

((user.@SheetSecurity=resource.name) or user.name=resource.owner.name)

The above condition will ensure that the user will only view the sheets on which they have access to. And will also have access on sheets that was created by that user.

13,440 Views
0 Likes
william_fu
Creator II
Creator II
‎2018-09-18 10:23 AM

In response to sridhar1

Hi Sridhar,

I have this custom rule to hide sheets named "testsheet" in published dashboards from users that are not RootAdmin:

I don't remember if I had to disable any native rules for this to work, but maybe you can try to adapt it to your scenario?

srule.png

13,440 Views
0 Likes