Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
I've add a new app to NPrinting and created a new Security role so that users can specifically Edit the Publish Task for this one App.
Users would need to be able to add in a filter ad-hoc hence adding in the Edit feature under Publish Tasks.
For a standard user they would not have access to this edit field under their current Security Role.
My issue is that now when I add users into this new Security Role (in addition to their current security role) they have Edit on ALL tasks where they did not have this option before.
Is there someway to mitigate against users having this Edit option on all tasks?
More Details:
Current Security Role = Invoicing User -> No access to Edit Publish Tasks. 3 Existing apps under role.
New Security Role = Invoicing User 1 -> Same as above under Actions except for Edit under Publish Tasks. Only one new app added under this role.
So I have users now with these 2 Security Roles assigned and the permissions from the newly created role is overwriting the permissions applied under the first security role.
Thanks
Accepted Solutions
To achieve that you will likely need to only use custom roles or update the existing and removing the default selected "All apps" check box which forces visibility to all NP Apps for each custom role.
By default, the built in 'User' role will have access to all Apps. But 'all apps' can be unchecked for this role. However, if NP accounts are assigned to developer, newsstand or administrator, this checkbox cannot be unchecked. So again you would have to create custom roles to enable the level of granularity you are looking for.
As an option/suggestions, you may wish to create a separate role for each set of users that you wish to have access to a specific set of NP Apps (each NP app contains your connections, reports etc).
Then once you've defined your custom roles with the assigned/selected NP apps, then add the custom roles to each NP user and remove default roles from each user since those will have access to 'All apps'
Then finally, set your publish task permissions for each custom role.
I would suggest doing this in a test environment so as to not impact your current production users.
This would be a highly customized solution and there is no export tool to show information about group membership.
I haven't tested this myself, but theoretically is should work. A simple test might be to set up 2 test NP users and 2 custom roles. Give user 1 access to customer role 1 (app1) and user 2 access to custom role 2 (app2). No other roles should be applied to these test users.
Give Publish task permissions to custom role 1 but none to custom role 2. Does this keep the views to publish tasks limited only to user 1?
However, you may wish to install the NP governance dashboard found here to view roles and role membership.
https://community.qlik.com/t5/Qlik-NPrinting-Documents/NPrinting-Governance-Dashboard/ta-p/1744538
Kind regards...
To achieve that you will likely need to only use custom roles or update the existing and removing the default selected "All apps" check box which forces visibility to all NP Apps for each custom role.
By default, the built in 'User' role will have access to all Apps. But 'all apps' can be unchecked for this role. However, if NP accounts are assigned to developer, newsstand or administrator, this checkbox cannot be unchecked. So again you would have to create custom roles to enable the level of granularity you are looking for.
As an option/suggestions, you may wish to create a separate role for each set of users that you wish to have access to a specific set of NP Apps (each NP app contains your connections, reports etc).
Then once you've defined your custom roles with the assigned/selected NP apps, then add the custom roles to each NP user and remove default roles from each user since those will have access to 'All apps'
Then finally, set your publish task permissions for each custom role.
I would suggest doing this in a test environment so as to not impact your current production users.
This would be a highly customized solution and there is no export tool to show information about group membership.
I haven't tested this myself, but theoretically is should work. A simple test might be to set up 2 test NP users and 2 custom roles. Give user 1 access to customer role 1 (app1) and user 2 access to custom role 2 (app2). No other roles should be applied to these test users.
Give Publish task permissions to custom role 1 but none to custom role 2. Does this keep the views to publish tasks limited only to user 1?
However, you may wish to install the NP governance dashboard found here to view roles and role membership.
https://community.qlik.com/t5/Qlik-NPrinting-Documents/NPrinting-Governance-Dashboard/ta-p/1744538
Kind regards...
Hi @Frank_S ,
I've gone ahead and tested this following the guidance above on our Test Environment, however, this is still replicating the same issue.
As soon as my test user is added a new Security Role with Edit permission, along with the current role, the existing access they have is changed.
They are now able to edit the Publish Tasks they did not / should not be able to Edit.
In my NP Console set up we had actually never used the default "User" role.
We already had custom roles set up for an "Invoicing User" which only has access to 3 Apps - These 3 Apps they could not Edit the Publish Task.
The new Security Role was also for "Invoicing User - New App" which just has the Edit Publish Task on this one new App.
The Users who are affected are members of a Group - "Invoicing Group" . This Group is also assigned the Security Role for both "Invoicing User" & "Invoicing User - New App".
Could this be where the issue lies? A user being a member of a Group with a Security Role and also being directly assigned a Security Role?
And last one @Frank_S ,
There appears to be one part that is working which is very strange.
So on the permissions for Existing "Invoicing User" there is nothing ticked for "Filters".
On the new Security Role "Invoicing User - New App" when I tick the Edit Publish Task permission the "Filters" View tickbox gets automatically ticked.
Now this is where it is strange....on the "Existing" "Invoicing User" role this works so I cannot see the filters on the Publish Task, which Yes is correct, but why does this appear to work, however, the Edit Task does not.
There does seem to be some distinction between them and is working to a certain degree, however, I can't see why the Edit does not work on the two Custom Roles.
Existing "Invoicing User" permissions - Existing Three Apps.
New "Invoicing User - New App" - Permissions - Just new app under selected Items:
