We have requirement where certain set of users need to be restricted from accessing particular sheets in a application.
I tired both the below process but none of them worked.
We have 10 sheets out of which 2 sheets need to restricted for set of user group.
If there are any alternative methods please let me know.
Really appreciate your help.
Solved! Go to Solution.
I think in your case you are being overruled by the standard rules of Qlik Sense.
Forgot i did this….
I switched off some standard rules in Qlik Sense, en created some new ones with reduced rights.
i think the rules you need to evaluate are:
- CreateAppObjectsPublishedApp (If you have read rights on an published app you should be able to create sheets, stories, bookmarks and snapshots belonging to that app)
(If you have read rights on an unpublished app you should be able to create app objects belonging to that app)
I think these 2 standard rules are overruling the newly created one.
Try to evaluate these (don't change them, just copy them, adjust it, and disable the Original ones).
I didn't peruse the links, but I assume that contains only a workaround for sheet security, I don't think this kind of security exist in Sense.
I suggest you to create two application and publish to different streams according to the user groups.
If the reload would take too much time then you can extract and transforms the input data to qvd-s, and both application can reload from it much faster.
I am OK with your solution and haven't tried it .But Also I need have same stream name and application name so that users doesn't notice it as two different streams/apps.
Thinking about below option as well.
Option 2: Have Two Application in one stream and restrict application based on User group.
A security rule will work for preventing the access to a sheet but if this sheet contains some master items, the users will be able to create their own page and access it anyway, which is a big risk ...
I am looking for what security rules need to modified or created to restrict sheet level access. Can you please help me in defining the security rules.
I my case I created a "custom propertie" on users level (internal or external user).
then i created a security rule like this on "App.Object*" level with "read" rights:
(((user.@InternExtern = "Extern" and (resource.name like "*[$E]" or (resource.objectType="masterobject" or resource.objectType="LoadModel" or resource.objectType="measure" or resource.objectType="LoadModel" or resource.objectType="dimension"))))
So if you are a external user and the sheet has [$E] in its name, you can see it.
and for the internal user i used the same rule but with: resource.name like "*[$I]"
so everyone who is an external user can only see sheets with [$E] in the sheetname, and every internal user can only see the sheets with [$I] in the name.
works like a charm for me and my users. I use this with ALL my app's.
We've done something like this. Its just a workaround, and will require some manual work.
1. Create a custom property, Select User in "Resource Type.
2. Add Sheet name in values
3. Edit your users, you'll find your newly created custom property. Select the appropriate sheet names that you want the user to have access on.
4. Create a new security rule, and select "App.Object_*" in resource filter.
5. Add the following in the Advanced conditions
((user.@SheetSecurity=resource.name) or user.name=resource.owner.name)
The above condition will ensure that the user will only view the sheets on which they have access to. And will also have access on sheets that was created by that user.
I have this custom rule to hide sheets named "testsheet" in published dashboards from users that are not RootAdmin:
I don't remember if I had to disable any native rules for this to work, but maybe you can try to adapt it to your scenario?