Qlik Community

Ask a Question

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

Announcements
Welcome to our newly redesigned Qlik Community! Read our blog to learn about all the new updates: READ BLOG and REPORTED ISSUES
cancel
Showing results for 
Search instead for 
Did you mean: 
Partner
Partner

Qlik Sense security rule problem

Hello,

I'm using version 3.2 SR2 and I modified the following security rule:

CreateAppObjectsPublishedApp

adding the below condition :

and (user.group="role_dev" or user.group="role_ext")

---

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")

---

However I noted a user not belonging to the "role_dev" or "role_ext" is able to create app objects ex. sheet object.

Is it a BUG ???

Please let me know asap.

Many thanks in advance for your time.

Best Regards

Andrea

1 Solution

Accepted Solutions
Partner
Partner

good news for Qlik and for customers of course!

after some try I understand the rule actually it's working as expected, because the user is not able to create app objects even if the button ex. (create new sheet) is shown.

what's happening is the user create a new sheet, but after page refreshed the sheet created disappear in according with the security rule associated.


i think Qlik should improve this behavior hiding the corresponding HTML element.

i hope it's clear.

View solution in original post

21 Replies
Master II
Master II

!resource.App.stream.Empty() and

resource.app.@YOURAPPCUSTOMRPOPERTY="YOURCUSTOMAPPVALUE" and

resource.name!="YOURSHEETS" and

(resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or  resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.group="role_dev" or user.group="role_ext")

and

( user.group!="YOURRESTICTEDGROUP")



Maybe try this one?

Not sure but it worked for me

Partner
Partner

actually I need to disable all app objects creation, not only sheet.

Master II
Master II

Disable all objects for everyone?

Partner
Partner

yes for everyone except for the root admin.

Master II
Master II

Capture.PNG

Disable the default CreateObject rule in your QMC Security Rules Tab. Check above image?

This will disable for all (including Root Admin)

In sometime I'll let you know how to enable for Root admin. Will test it and update it here.

Thanks.

Partner
Partner

it's already disabled.

MVP & Luminary
MVP & Luminary

Use the Audit page to show which rules are granting which rights to whom on what object. See this video for details: Auditing security - Qlik Sense 2.1 - YouTube


talk is cheap, supply exceeds demand
Master II
Master II

I think as you disable the Default CreateObject rule it should disable editing for all users.

If that's not happening then I'm not sure why?

Can you make sure the rule is disabled?

Partner
Partner

As you can see below I disabled the rule

securityRules_03.png

but all users are still able to create new objects for the published app!!!???