Skip to main content
Announcements
Talend Data Catalog 8.0 End of Support: December 31, 2024 Get Details

Security Rule Example: Allow access to Data Load Editor on an app

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Andre_Sostizzo
Digital Support
Digital Support

Security Rule Example: Allow access to Data Load Editor on an app

Last Update:

Nov 11, 2021 9:48:43 AM

Updated By:

Sonja_Bauernfeind

Created date:

Aug 23, 2017 3:54:28 PM

We in Qlik Support have virtually no scope when it comes to debugging or writing custom security rules for customers. That level of implementation advice needs to be handled by the folks in Professional Services or Presales. That being said, this example is provided for demonstration purposes to explain a specific scenario. No Support or maintenance is implied or provided. Further customization is expected to be necessary and it is the responsibility of the end administrator to test and implement an appropriate rule for their specific use case. For access to more tips and tricks, best practices, and ever-evolving creative solutions, we recommend joining us in our active Qlik Community.

In this scenario, the administrator wants to grant access to the Data Load Editor on a series of apps which the user or set of users already have read rights to.

Setup:

  • Name: _DLEUserAccess
  • Description / Explanation: This rule will grant update rights to an application based on the inherited Read rights provided elsewhere. Update rights to an app are necessary to see the Data Load Editor Option
  • Resource filter(s): App_*
  • Action(s): Update
  • Conditions: resource.resourcetype = "App" and resource.Stream.HasPrivilege("read") and (user.name="User2")
    • Note: In this example we are using a statically defined user.name value. In a realistic scenario you would want to have a more robust user selection criteria (e.g. user.group="BI Developers" if there is group membership which selects the specific users which you want to target).
    • Note2: This example assumes Authentication Setup is on Stream level -- the user is allowed to access all Apps under a Stream that he/she has "read" access on. Thus resource.Stream.HasPrivilege("read"). In a realistic scenario, depending on the exact Authentication setup, modification on this condition may be required.

 

  • Name: _ScriptUserAccess
  • Description / Explanation: This rule will grant read and update rights to specific app objects which scope to the load script of an app based on the inherited Read rights on the app provided elsewhere.
  • Resource filter(s): App.Object_*
  • Action(s): Read, Update
  • Conditions: ((resource.objectType="loadmodel" or resource.objectType="app_appscript")) and resource.app.HasPrivilege("read")
    • Note: In this example we are using a statically defined user.name value. In a realistic scenario you would want to have a more robust user selection criteria (e.g. user.group="BI Developers" if there is group membership which selects the specific users which you want to target).

 

Sample with Screenshots:

  1. Before applying above rules, User 2 has "Read" Access to the Stream where App "12345" is in. "12345" is owned by another user. So User 2 has no access to Data Load Editor:

    1.png
  2. Create the 1st rule, which grants "update" to User2 on App 12345:

    2.png


    3.png
  3. At this point User2 still cannot access Script Editor of App 12345(Even though Data model viewer shows up):

    4.png
  4. Now create the 2nd rule:

    5.png
  5. Now, User2 has access to Data Load Editor(and Data Manager) of App 12345:

    6.png
Labels (1)
Comments
sri_c003
Partner - Creator II
Partner - Creator II

We tried using the above rules, but it does not show the Data Manager link to us - these rules did open up the Data Load Editor and Data Model.

Could you please help us with a rule to open the Data Manager.

Roberto_Licciardello
Partner - Contributor III
Partner - Contributor III

Hi Andre,
sorry to bother you.

I'm not very good with this kind of setting. I have the reverse problem. I have a Professional user (I need to use the VixLib writeback features) and I would like to inhibit some possibilities (user XXX only):

1 Data Manager
2 Data Load Editor
3 Create new app (in hub)

Qalu is the syntax I should use?
Where can I find all the rules and functions to enable / disable?


Many thanks in advance!!!

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @Roberto_Licciardello 

I recommend posting your query directly in our Qlik Sense Management forum to make use of the wider reach of our community and our active support engineers. When posting, include the symptoms of your issue, any error messages that you have seen, and what troubleshooting steps you've already taken. Feel free to refer back to this article as an example of what you tried.

All the best,
Sonja

Narges
Contributor III
Contributor III

Hi,

 

Is that possible to grant only read access? Only see the script but not to be able to modify the script.

Version history
Last update:
‎2021-11-11 09:48 AM
Updated by: