Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
Benbassou
Partner - Contributor III
Partner - Contributor III

Dedicate a node to a stream - Security rules

Hello,

Can anyone let me know how to show a stream only in a specific node

i have a 2 node cluster.. and i would like to dedicate RIM01 specific to Stream1. RIM02 to Steam2.  Meaning any request to that streams or apps in that stream should go to there nodes

So, if a go to RIM01 the Stream2 should be hidden etc...

1. Central node

2. RIM02 -- Repository + Engine

3. RIM03 -- Repository + Engine + Scheduler

i tried lot of security rules like

Filter : ServerNodeConfiguration_*,Stream_*

(node.@NodeUse="dev") and (node.@NodeType=stream.@StreamType and !resource.stream.Empty())

or

Filter : ServerNodeConfiguration_*,Stream_*

((resource.resourcetype = "Nodes" and resource.name="RIM01")) and ((resource.name="test"))

or

Filter : ServerNodeConfiguration_*,Stream_*

((resource.resourcetype = "Nodes" and resource.name="RIM01")) and ((resource.resourcetype = "Streams" and resource.name="Test"))

but none of them work 😕

Thanks

4 Replies
Levi_Turner
Employee
Employee

So from a functionality perspective, this is going to be the use case of Load Balancing rules, not Security Rules.

For a window into how to handle streams in Load Balancing Rules, look at the default rule:

((node.iscentral="false" and resource.stream.id!="SomeStreamGUID"))

This style of syntax load balances all apps except apps in the Monitoring Apps stream to RIM nodes.

duzunic88
Contributor II
Contributor II

@Levi_Turner Quick question on this.

This does indeed work but the actual stream itself is still visible while the apps inside it are not.  However, is it possible for the actual stream not to be visible based on what node you are on?

The reason for this being is I want to allow my developers to only be able publish apps from their work space to certain streams.  Once I allow them to be able to publish, they can publish to all streams they have access to. I can take away their access to certain streams but then not only can they not publish there but they can't see the apps either.  My hope was to have them on one proxy be able to publish to certain streams and on another be able to read all the streams.  Thoughts?

Levi_Turner
Employee
Employee

However, is it possible for the actual stream not to be visible based on what node you are on?

Not really. There's an approach using SAML which can be used but isn't ideal.

Once I allow them to be able to publish, they can publish to all streams they have access to.

I am not following this. The Publish action, which admittedly is on by default when creating stream rules, is discrete. You can configure Qlik Sense such that a user has read rights on a stream but not Publish rights.

duzunic88
Contributor II
Contributor II

Thanks for the response!

- I am not following this. The Publish action, which admittedly is on by default when creating stream rules, is discrete. You can configure Qlik Sense such that a user has read rights on a stream but not Publish rights.

Right I can limit someone the ability not to publish items within that stream, like a community sheet but even if Publish rights are not enabled on that stream, I would still be able to publish an app to that stream from my work space right?  The only way to prevent someone from publishing an app  specifically from their work space to a stream is by completely taking away their access to see that stream.  Correct? If I right click on an app and click "Publish" the list of available streams from the drop down are all the ones that I have access to. It would be great if, 5 items showed in the dropdown, I could only be allowed to publish to 2 for example.