ErikWetterberg

Give access to a stream to everybody who has access to another stream

Hi,

We have two streams where we want everybody with access to stream A to have access also to stream B. Is it possible to create such a rule?

Erik Wetterberg

4 Replies
Levi_Turner
Employee

Hey Erik,

I am not seeing a way to do that style of inheritance in any direct sense. You can always create a security rule which simultaneously grants access to two streams. Example rule:

  • Filter: Stream_*
  • Actions: Read + Publish
  • Conditions: ((resource.name="Stream 1" or resource.name="Stream 2") and user.name = "ExampleUserName")
  • Context: Hub (or Both)

user.name = "ExampleUserName" can always be adjusted to use user.group or some other attribute information so that you do not need to statically assign users to these two streams.


Hope that helps.

ErikWetterberg
Author

Thanks,

I'll try that approach.

Erik Wetterberg

dwforest
Specialist II

We created custom properties that apply to users and streams, then a rule to say that if the user property matches the stream property, they have access.

Rule applied to Stream_*:

((user.@StreamSecurity=resource.@StreamSecurity))

Adding this to grant access to apps in a stream:

App*

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript") and resource.app.stream.HasPrivilege("read"))
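
An added example, not code from any poster in this thread or from Qlik: a small Python model of the `user.@StreamSecurity=resource.@StreamSecurity` condition that checks whether everyone who can read one stream can also read another, and lists users who never received the property. Apart from the property name StreamSecurity, all user names, stream names and values are constructed, and the model assumes multi-valued properties match when they share at least one value.

```python
PROP = "StreamSecurity"  # custom property name taken from the post above

# Constructed sample data standing in for an export of users and streams.
USERS = {
    "alice": {PROP: {"Finance"}},
    "bob": {PROP: {"Finance", "Sales"}},
    "carol": {PROP: {"Sales"}},
    "dave": {},  # property never assigned during on-boarding
}
STREAMS = {
    "Stream A": {PROP: {"Finance"}},
    "Stream B": {PROP: {"Sales"}},
}


def can_read(user_props, stream_props):
    """Model of user.@StreamSecurity = resource.@StreamSecurity.
    Assumption: the comparison is true when the two value sets overlap."""
    return bool(user_props.get(PROP, set()) & stream_props.get(PROP, set()))


def readers(stream, users=USERS, streams=STREAMS):
    """Set of users the modelled rule lets into the given stream."""
    return {name for name, props in users.items()
            if can_read(props, streams[stream])}


def inheritance_gaps(src, dst, users=USERS, streams=STREAMS):
    """Users who can read src but not dst; empty when dst covers src."""
    return sorted(readers(src, users, streams) - readers(dst, users, streams))


def unassigned_users(users=USERS):
    """Users with no value for the property: they match no stream at all."""
    return sorted(name for name, props in users.items() if not props.get(PROP))


def with_stream_values(stream, values, streams=STREAMS):
    """Copy of streams with extra property values added to one stream."""
    out = {name: {PROP: set(props.get(PROP, set()))}
           for name, props in streams.items()}
    out[stream][PROP] |= set(values)
    return out


if __name__ == "__main__":
    print("gaps before:", inheritance_gaps("Stream A", "Stream B"))
    fixed = with_stream_values("Stream B", {"Finance"})
    print("gaps after: ", inheritance_gaps("Stream A", "Stream B", streams=fixed))
    print("unassigned: ", unassigned_users())
```

Under that assumption, giving stream B every value that stream A carries is what makes access to A imply access to B, without touching the individual users.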

Levi_Turner
Employee

Yep, custom properties can work here, although from a management perspective custom properties should be used judiciously and ideally reserved for instances where existing meta-data is not well scoped for use in security rules.

In the example that you are using, it would require setting a property (which is an explicit QMC activity or requires custom work to assign via APIs) on each new user to on-board. On-boarding a new stream means re-using an existing custom property or assigning a new one to the stream + all the users.

Custom Properties are great but can be a bit of a chore to use depending on volume of users / frequency of changes. Doing things 10 times is fine. But doing it 200 times creates a fair amount of administrative overhead.

So if there is existing user meta-data from a User Directory Connector (AD / LDAP / a Database), it's ideal to leverage this information but, unfortunately, it isn't always available or tailored for use.