Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Partner
Partner

Allowing end users to create bookmarks on sheets

Good afternoon Qlik Community,

I am new to Qlik Sense I am hoping you can help me on an issue we are having.

What we are trying to accomplish - 

  • Allow end users to create bookmarks on sheets with the least privileges
    • This would not allow users to create other objects such as stories, other sheets, or etc. ONLY Bookmarks

Here are a few previous postings that were used as a guide to create the below rule:

Resource Filter

App.Object_Bookmark* 

Actions

Create

Conditions

!resource.App.stream.Empty()

and resource.App.HasPrivilege("read")

and (resource.objectType = "sheet")

and !user.IsAnonymous()

When using the audit portion it does look like this is exactly what we needed and it seems to apply the permissions correctly, however, it does not allow the users to create bookmarks, as I have tested this with a standard user account.

We are also noticing that it is not all sheets are behaving in the same fashion. Some of the sheets belong to a different stream, one stream allows users to publish while the other does not. The one that is working allows users to publish.

So the questions are:

  1. What are the least privileges you need to create bookmarks?
  2. Can this be done without allowing unnecessary privileges?
  3. Is there a document discussing the hierarchy to better understand Least-Privilege administration in Qlik?
1 Solution

Accepted Solutions
Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Updating my original post as it is now solved. The problem I was having with the other posts not working was a bug in sync persistence shown here.

https://qliksupport.force.com/QS_CaseWizardKnowledgeArticle?Id=ka5D00000004RtIIAU

The straight-forward method is this:

Filter: App.Object_*

Action: Create

Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "bookmark") and !user.IsAnonymous()

Context: Hub

Logic: Non-anonymous users can create app objects on apps which belong to streams where the user has read privileges already and the object that they are creating are bookmarks.

Additionally, the publish rights to the stream is not required.

View solution in original post

5 Replies
Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Updating my original post as it is now solved. The problem I was having with the other posts not working was a bug in sync persistence shown here.

https://qliksupport.force.com/QS_CaseWizardKnowledgeArticle?Id=ka5D00000004RtIIAU

The straight-forward method is this:

Filter: App.Object_*

Action: Create

Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "bookmark") and !user.IsAnonymous()

Context: Hub

Logic: Non-anonymous users can create app objects on apps which belong to streams where the user has read privileges already and the object that they are creating are bookmarks.

Additionally, the publish rights to the stream is not required.

View solution in original post

Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Thank you so much for posting this. I've been driving myself crazy reading all the documentation on how to do this. Don't know if I should be relieved or worried that it turned out just to be a bug...

Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Hi James,

I'm not able to look into the support ticket, but I solved it by restarting the services. Is that what the bug is? So after changing the security rule restarting the services?

Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Basically, there is an issue with sync persistence that means you will need to recycle your services on all nodes due to caching from the repository service.

They provide a way of disabling the caching all together, but we opted not to do this because of how many users we get to log into the system. I believe this was the better route as I didn't want to track making custom changes due to a bug and confirm when I would need to revert. I just make note that services may need to be restarted as we wait for shared persistence. I would also like to add that this was the only time it happened for us, so it is a rare occurrence.

Highlighted
Partner
Partner

Re: Allowing end users to create bookmarks on sheets

Thanks, that explains why restarting the services fixes my issue of applying the business rules.