Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
vlad_komarov
Partner - Specialist III
Partner - Specialist III

Disabling "Create new sheet" and other options

Hi,

Just looking for a solution to disable "Add Data", "Duplicate Sheet" , "Delete Sheet" , "Export Sheet", "Create new sheet" options.

Is it possible in QS v. 1.x or 2.x?

Regards,

Vladimir

15 Replies
Gysbert_Wassenaar

That should be possible in both by creating custom security rules for those action - resource type combinations. See the online help for more information: http://help.qlik.com/sense/2.0/en-US/online/#../Subsystems/ManagementConsole/Content/security-rules-...


talk is cheap, supply exceeds demand
vlad_komarov
Partner - Specialist III
Partner - Specialist III
Author

Gysbert, Thank you for reply. I've reviewed the help article, but I would need some clarification how to apply a newly created rule to specific control/action/system feature in the application. Could you please provide some examples?

Regards,

Vladimir

vlad_komarov
Partner - Specialist III
Partner - Specialist III
Author

To simplify the task: It's not clear for me how to apply a "Read Only" rule for users. Will the Selection functionality work in this case? It's more confusing in QS vs. QV, IMHO.

VK

rubenmarin

Hi Vladimir, I'm not an expert in sense security yet but take care with already active rules.

In example there is a rule CreateAppObjectsPublishedApp wich gives permission to create sheets to all user that can read the app.

You should disable or make more restrictive this rule in example adding a custom property or admin role to users and adding this restriction to the rule:  and (user.@role="Admin")

This way the rule only applies if the user has its custom property "role" with the value "Admin"


Again, I'm not an expert in this, still learning.

vlad_komarov
Partner - Specialist III
Partner - Specialist III
Author

Ruben,

Thank you for reply. Have tried it, but this option does not seems to work.

Here is the code:

Filter:

App.Object_*

Condition:

!resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and (user.@role="RootAdmin" or user.@role="ContentAdmin")

And the "Create New Sheet" option is still available on published stream...

I've cleared the Browser History and Cookies, just to make sure, but still no changes...

😠

VK

vlad_komarov
Partner - Specialist III
Partner - Specialist III
Author

I've found this article on QS help site (😞

https://help.qlik.com/sense/1.1/en-US/online/Subsystems/ManagementConsole/Content/ServerUserGuide/SU...

A bit complicated approach, but seems to work for my case.

Thank you for suggestions!

Regards,

Vladimir

rubenmarin

OK, just to clarify... "RootAdmin" and "ContentAdmin" are predefedined Admin Roles, wich is a different approach than using a custom property named 'role'.

If you are using admin roles, the syntax in security rules should be:

and (user.roles="RootAdmin" or user.roles="ContentAdmin")

korsikov
Partner - Specialist III
Partner - Specialist III

hey do you speak in Russian?

I recently solved a similar question now find examples of its safety regulations.

Я уверен что проблема в том что не отключено правило безопасности по умолчанию отвечающее за создание новых приложений.Называется "CreateApp" его необходимо для начала выключить, а потом создать свое правило определяющее группу пользователей которые могут создавать приложения.

вот пример взял из хелпа

resorce filter App_*,FileReference_*

condition ((user.@Usertype="Developer")) and !user.IsAnonymous()

only in hub

Action : create

Если есть какие то еще вопросы по правилам безопасности пишите, это моя любимая тема для исследований.

vlad_komarov
Partner - Specialist III
Partner - Specialist III
Author

Еще как говорю!

Разбираться с новым продуктом без Русского мата иногда тяжело...

Будет хоть с кем поделится...

I did exactly that, have created custom rules, disabling "standard" ones (based on https://help.qlik.com/sense/1.1/en-US/online/Subsystems/ManagementConsole/Content/ServerUserGuide/SU...‌info).

But still having few issues, primarily in handling consequences of these new rules activation. I will try to submit the list of issue a later today.