Qlik Community

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

Announcements
Make your voice heard! Participate in the 2020 Wisdom of Crowds® Survey. BEGIN SURVEY
Highlighted
patricesalem
Contributor

Yet another sheet access protection

Hello

 

I've been working hours to try to hide a sheet from an app containing a Vizlib extension (as all users don't have access to it.

I've been reading Qlik article and also @rohitk1609 posts and white paper.

I have also gone through a very good video explaning also how to create a new stream and use custom properties.

Nevertheless, I want to keep working off my everyone stream in which I have 3 apps : Target, Volumes and test.

In test (duplicate of volumes), I have 12 sheets and one of them is called VIZLIB and I would like to give access to this sheet only to 10 users.

I'm the owner of Volumes and test. I'm not the owner of Targets. Users are managed through AD.

 

I have disabled the original Stream:

2020-02-15 01_14_18-Security rules - QMC.jpg

(if I disable StreamEveryone then the everyone stream disappears - conditions = !user.IsAnonymous())

I have then created a new security rule and tried to hide test to myself (before trying to hide the sheet VIZLIB in it).

The condition is :

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and RESOURCE.NAME = "test")) and
(user.Name = "My Name") and resource.app.stream.HasPrivilege("read")))

2020-02-15 01_16_55-Edit security rule - QMC.jpg

The only result of disabling the initial stream is that Targets don't appear anymore (I'm not the owner of it).

Both Volumes and test are still there maybe because I'm the owner. I tried to deactivate the owner rule - impossible.

Any help would be greatly appreciated

thanks

2020-02-15 01_25_53-Edit security rule - QMC.jpg

 

 

Tags (1)
2 Replies
Highlighted
rohitk1609
Valued Contributor III

Re: Yet another sheet access protection

Hi,

StreamEveryone security rule seems like a fix to resource level security concept which depends on disabling Stream rule.

Earlier when you disable   Stream default rule it was affecting Everyone stream too.

Now come to the hiding sheet:

You are right when you say you Both Volumes and test are still there maybe because I'm the owner. 

Best way to test security rules is , test with another user rather than your own.

you should write three level of rules, stream level, then app level at last apps object level and in app objects, you should write lets say user =Rohit and sheet!=Sheet1 rather than user =Rohit and sheet=Sheet2. Please avoid the syntax , it is just to explain the approach.

Please refer my doc how I created these rules.

Thanks,

Rohit

Highlighted
patricesalem
Contributor

Re: Yet another sheet access protection

Thanks for the head up Rohit - I will try with a user login...

Nevertheless, I don't understand why I don't see the Target app after having creating new stream and stream app rules.

Do you have a tip to give me ?

 

thanks