When following these instructions:

Task:

            Grant or restrict access at a stream level

Step 1:

1. 1.     Create a new custom property
2. 2.     Name it something like:    AppLevelRestrictions
3. 3.     Pick the resource type:
   1. a.     apps/users
4. 4.     Add values:
   1. a.     “Finance Restrictions”

Step 2:

1. 1.     Copy the default security rules default stream Name & condition & disable rule

Note: The apps should disappear in the stream

1. 2.     Create a new security rule similar to the default rule you just disabled
2. 3.     Use the App access template
3. 4.     Assign the same default name like: Stream Rule – Apps Default Rule
4. 5.     Resource Filter: App_*
5. 6.     Copy the default security rule condition you copied above & add this text after: resource.stream.Has.Privilege(“read”) and before the “) or”
   1. a.     This text: and resource.AppLevelRestrictions.empty()
6. 7.     Check action “read”

Note: you should now see all the apps again in the stream

Something we noticed that there is a problem is when we copied in the default Stream rule, the text was highlighted with red underlines telling me it is not correct. When we try to validate the rule it returns a validate message.

Step 3:

1. 1.     Now go to the Finance App you want restricted and add the custom property AppLevelRestrictions:
   1. a.     “Finance Restrictions”

Note: you should not see the Finance apps in the stream

       At this point we can still see the App

Any thoughts?