I have also gone through a very good video explaning also how to create a new stream and use custom properties.
Nevertheless, I want to keep working off my everyone stream in which I have 3 apps : Target, Volumes and test.
In test (duplicate of volumes), I have 12 sheets and one of them is called VIZLIB and I would like to give access to this sheet only to 10 users.
I'm the owner of Volumes and test. I'm not the owner of Targets. Users are managed through AD.
I have disabled the original Stream:
(if I disable StreamEveryone then the everyone stream disappears - conditions = !user.IsAnonymous())
I have then created a new security rule and tried to hide test to myself (before trying to hide the sheet VIZLIB in it).
The condition is :
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and RESOURCE.NAME = "test")) and (user.Name = "My Name") and resource.app.stream.HasPrivilege("read")))
The only result of disabling the initial stream is that Targets don't appear anymore (I'm not the owner of it).
Both Volumes and test are still there maybe because I'm the owner. I tried to deactivate the owner rule - impossible.
StreamEveryone security rule seems like a fix to resource level security concept which depends on disabling Stream rule.
Earlier when you disable Stream default rule it was affecting Everyone stream too.
Now come to the hiding sheet:
You are right when you say you Both Volumes and test are still there maybe because I'm the owner.
Best way to test security rules is , test with another user rather than your own.
you should write three level of rules, stream level, then app level at last apps object level and in app objects, you should write lets say user =Rohit and sheet!=Sheet1 rather than user =Rohit and sheet=Sheet2. Please avoid the syntax , it is just to explain the approach.