Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Save the Date: QlikWorld Online, June 24-25, 2020. Free global virtual event for data integration and data analytic gurus. Register Today
Honored Contributor

Give access to a strem to everybody who has access to another stream

Hi,

We have two streams where we want everybody with access to stream A to have access also to stream B. Is it possible to create such a rule?

Erik Wetterberg

4 Replies
Highlighted
Employee
Employee

Re: Give access to a strem to everybody who has access to another stream

Hey Erik,

I am not seeing a way to do that style of inheritance in any direct sense. You can always create a security rule which simultaneously grants access to two streams. Example rule:

  • Filter: Stream_*
  • Actions: Read + Publish
  • Conditions: ((resource.name="Stream 1" or resource.name="Stream 2") and user.name = "ExampleUserName")
  • Context: Hub (or Both)

user.name = "ExampleUserName" can always be adjusted to use user.group or some other attribute information so that you do not need to statically assign users to these two streams.


Hope that help.

Highlighted
Honored Contributor

Re: Give access to a strem to everybody who has access to another stream

Thanks,

I'll try that approach.

Erik Wetterberg

Highlighted
Valued Contributor II

Re: Give access to a strem to everybody who has access to another stream

We created custom properties that apply to users and streams, then a rule to say if the user property matches the stream property, they have access

rule applied to Stream_*

((user.@StreamSecurity=resource.@StreamSecurity))

adding this to grant access to apps in a stream

App*

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript") and resource.app.stream.HasPrivilege("read"))

Highlighted
Employee
Employee

Re: Give access to a strem to everybody who has access to another stream

Yep, custom properties can work here, although from a management perspective custom properties should be used judiciously and ideally reserved for instances where existing meta-data is not well scoped for use in security rules.

In the example that you are using, it would require setting a property (which is an explicit QMC activity or requires custom work to assign via APIs) on each new user to on-board. On-boarding a new stream means re-using an existing custom property or assigning new one to the stream + all the users.

Custom Properties are great but can be a bit of a chore to use depending on volume of users / frequency of changes. Doing things 10 times is fine. But doing it 200 times creates a fair amount of administrative overhead.

So if there is existing user meta-data from a User Directory Connector (AD / LDAP / a Database), it's ideal to leverage this information but, unfortunately, it isn't always available or tailored for use.