Qlik Community

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

agigliotti
Honored Contributor II

Qlik Sense security rule problem

Hello,

I'm using version 3.2 SR2 and I modified the following security rule:

CreateAppObjectsPublishedApp

adding the below condition :

and (user.group="role_dev" or user.group="role_ext")

---

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and (user.group="role_dev" or user.group="role_ext")

---

However I noted a user not belonging to the "role_dev" or "role_ext" is able to create app objects ex. sheet object.

Is it a BUG ???

Please let me know asap.

Many thanks in advance for your time.

Best Regards

Andrea

Tags (1)
1 Solution

Accepted Solutions
agigliotti
Honored Contributor II

Re: Qlik Sense security rule problem

good news for Qlik and for customers of course!

after some try I understand the rule actually it's working as expected, because the user is not able to create app objects even if the button ex. (create new sheet) is shown.

what's happening is the user create a new sheet, but after page refreshed the sheet created disappear in according with the security rule associated.


i think Qlik should improve this behavior hiding the corresponding HTML element.

i hope it's clear.

21 Replies
Khan_Mohammed
Honored Contributor II

Re: Qlik Sense security rule problem

!resource.App.stream.Empty() and

resource.app.@YOURAPPCUSTOMRPOPERTY="YOURCUSTOMAPPVALUE" and

resource.name!="YOURSHEETS" and

(resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or  resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.group="role_dev" or user.group="role_ext")

and

( user.group!="YOURRESTICTEDGROUP")



Maybe try this one?

Not sure but it worked for me

agigliotti
Honored Contributor II

Re: Qlik Sense security rule problem

actually I need to disable all app objects creation, not only sheet.

Khan_Mohammed
Honored Contributor II

Re: Qlik Sense security rule problem

Disable all objects for everyone?

agigliotti
Honored Contributor II

Re: Qlik Sense security rule problem

yes for everyone except for the root admin.

Khan_Mohammed
Honored Contributor II

Re: Qlik Sense security rule problem

Capture.PNG

Disable the default CreateObject rule in your QMC Security Rules Tab. Check above image?

This will disable for all (including Root Admin)

In sometime I'll let you know how to enable for Root admin. Will test it and update it here.

Thanks.

agigliotti
Honored Contributor II

Re: Qlik Sense security rule problem

it's already disabled.

Re: Qlik Sense security rule problem

Use the Audit page to show which rules are granting which rights to whom on what object. See this video for details: Auditing security - Qlik Sense 2.1 - YouTube


talk is cheap, supply exceeds demand
Khan_Mohammed
Honored Contributor II

Re: Qlik Sense security rule problem

I think as you disable the Default CreateObject rule it should disable editing for all users.

If that's not happening then I'm not sure why?

Can you make sure the rule is disabled?

agigliotti
Honored Contributor II

Re: Qlik Sense security rule problem

As you can see below I disabled the rule

securityRules_03.png

but all users are still able to create new objects for the published app!!!???

Community Browser