Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello,
I'm using version 3.2 SR2 and I modified the following security rule:
CreateAppObjectsPublishedApp
adding the below condition :
and (user.group="role_dev" or user.group="role_ext")
---
!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")
---
However I noted a user not belonging to the "role_dev" or "role_ext" is able to create app objects ex. sheet object.
Is it a BUG ???
Please let me know asap.
Many thanks in advance for your time.
Best Regards
Andrea
good news for Qlik and for customers of course!
after some try I understand the rule actually it's working as expected, because the user is not able to create app objects even if the button ex. (create new sheet) is shown.
what's happening is the user create a new sheet, but after page refreshed the sheet created disappear in according with the security rule associated.
i think Qlik should improve this behavior hiding the corresponding HTML element.
i hope it's clear.
!resource.App.stream.Empty() and
resource.app.@YOURAPPCUSTOMRPOPERTY="YOURCUSTOMAPPVALUE" and
resource.name!="YOURSHEETS" and
(resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.group="role_dev" or user.group="role_ext")
and
( user.group!="YOURRESTICTEDGROUP")
Maybe try this one?
Not sure but it worked for me
actually I need to disable all app objects creation, not only sheet.
Disable all objects for everyone?
yes for everyone except for the root admin.
Disable the default CreateObject rule in your QMC Security Rules Tab. Check above image?
This will disable for all (including Root Admin)
In sometime I'll let you know how to enable for Root admin. Will test it and update it here.
Thanks.
it's already disabled.
Use the Audit page to show which rules are granting which rights to whom on what object. See this video for details: Auditing security - Qlik Sense 2.1 - YouTube
I think as you disable the Default CreateObject rule it should disable editing for all users.
If that's not happening then I'm not sure why?
Can you make sure the rule is disabled?
As you can see below I disabled the rule
but all users are still able to create new objects for the published app!!!???