I am having some issues using security rules to hide the edit button/duplicate sheet/create new sheet options in a published app for end users. I have seen this webinar --> SenseSecurityRules.mp4 - Google Drive that shows that the edit button and create sheet options can indeed be hidden. Is this still possible, or could it only be done in an older release? I have tried adding a line to CreateAppObjectsPublishedApp that checks the user directory, "and user.UserDirectory != "XYZDirectory" and I have tried simply disabling the rule all together. In either case, the end users can still see the edit button/duplicate sheet/create new sheet options, and can utilize all three. However, upon refresh of the page, if a sheet was added or duplicated, it will be gone. The same goes for bookmarks and stories, as they are also app objects (I know that I could use logic to exclude these). I saw another very recent thread where someone was having this exact issue --> https://community.qlik.com/thread/256168 -- This user suggests that this is the expected behavior of the rule being disabled (explicitly or via logic). Can anyone shed some light on this for me? Is it no longer possible to hide the aforementioned options in 3.2 SR2? Is duplicating a sheet not considered a create option/is it a read? I also implemented the example from Qlik --> https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Confi...
Solved! Go to Solution.
We sorted it out! Though nowhere in documentation, Qlik services must be restarted for thee change to take effect if a default rule is changed. However, services do not need to be restarted after a custom rule add of change. Upon restart, the rules commit back to the DB. Qlik is saying that this is working as designed -- feature, not a bug, etc. Hopefully they will add it to the documentation. Qlik technicians were helpful, thank you! Hopefully this will help those that had the same issue,
I'm working on trying to figure out this same question. One thing I can add is that some of my apps do not show Edit, Duplicate Sheet, and Create New Sheet...meaning I know it is possible, but the security rules seem to have no effect. I'm wondering if my Section Access policies are affecting the permissions.
I was dealing with similar issue a while ago and here are few references:
The help topic mentioned in the post is now located at: https://help.qlik.com/en-US/sense/3.2/Subsystems/ManagementConsole/Content/apply-access-rights-for-u...
Still works well on my system, hope you will be able to use this approach in your case as well.
P.S. When applicable, please mark this answer Correct or Helpful.
I have section access on my app too -- not sure why that would interfere, but it is possible. Thanks for the feedback.
I have seen both of those examples, actually. I implemented what is described at this link:
I am wondering if this might be an SR2 issue? It just seems so bizarre that I have the same issue/functionality as another user, just days after they have the same issue: https://community.qlik.com/thread/256168
Basically new objects can be created/duplicated, but do not persist after refresh. I walked through a few examples step by step, and that has been the result each time. Have you or anyone else had issues with section access and security rules?
Thanks for your feedback and time!
I appreciate the feedback, though I have already reviewed those references.
We are following those same steps using the alternatively suggested method of user directories instead of custom properties, and the rule does indeed seem to suppress the app objects from being created, yet when we open the app, it still displays the options to "Create new sheet", "Edit", etc...
So I just got off the phone with a couple of Qlik techs -- my issue has to do with section access. Apparently there is some sort of conflict with the security rules, which is not well documented at all. No idea why they will not play well with one another. I was able to hide the edit button and such on an app without section access. Hopefully there will be some sort of fix, because it is a real basic end user scenario to use section access with security rules. Has anyone used the two together successfully (to hide the edit button and duplicate sheet and such)?