Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.
Just looking for a solution to disable "Add Data", "Duplicate Sheet" , "Delete Sheet" , "Export Sheet", "Create new sheet" options.
Is it possible in QS v. 1.x or 2.x?
That should be possible in both by creating custom security rules for those action - resource type combinations. See the online help for more information: http://help.qlik.com/sense/2.0/en-US/online/#../Subsystems/ManagementConsole/Content/security-rules-...
Gysbert, Thank you for reply. I've reviewed the help article, but I would need some clarification how to apply a newly created rule to specific control/action/system feature in the application. Could you please provide some examples?
To simplify the task: It's not clear for me how to apply a "Read Only" rule for users. Will the Selection functionality work in this case? It's more confusing in QS vs. QV, IMHO.
Hi Vladimir, I'm not an expert in sense security yet but take care with already active rules.
In example there is a rule CreateAppObjectsPublishedApp wich gives permission to create sheets to all user that can read the app.
You should disable or make more restrictive this rule in example adding a custom property or admin role to users and adding this restriction to the rule: and (user.@role="Admin")
This way the rule only applies if the user has its custom property "role" with the value "Admin"
Again, I'm not an expert in this, still learning.
Thank you for reply. Have tried it, but this option does not seems to work.
Here is the code:
!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.@role="RootAdmin" or user.@role="ContentAdmin")
And the "Create New Sheet" option is still available on published stream...
I've cleared the Browser History and Cookies, just to make sure, but still no changes...
I've found this article on QS help site (😞
A bit complicated approach, but seems to work for my case.
Thank you for suggestions!
OK, just to clarify... "RootAdmin" and "ContentAdmin" are predefedined Admin Roles, wich is a different approach than using a custom property named 'role'.
If you are using admin roles, the syntax in security rules should be:
and (user.roles="RootAdmin" or user.roles="ContentAdmin")
hey do you speak in Russian?
I recently solved a similar question now find examples of its safety regulations.
Я уверен что проблема в том что не отключено правило безопасности по умолчанию отвечающее за создание новых приложений.Называется "CreateApp" его необходимо для начала выключить, а потом создать свое правило определяющее группу пользователей которые могут создавать приложения.
вот пример взял из хелпа
resorce filter App_*,FileReference_*
condition ((user.@Usertype="Developer")) and !user.IsAnonymous()
only in hub
Action : create
Если есть какие то еще вопросы по правилам безопасности пишите, это моя любимая тема для исследований.
Еще как говорю!
Разбираться с новым продуктом без Русского мата иногда тяжело...
Будет хоть с кем поделится...
I did exactly that, have created custom rules, disabling "standard" ones (based on https://help.qlik.com/sense/1.1/en-US/online/Subsystems/ManagementConsole/Content/ServerUserGuide/SU...info).
But still having few issues, primarily in handling consequences of these new rules activation. I will try to submit the list of issue a later today.