Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
johnh
Partner - Creator
Partner - Creator
‎2014-11-21 07:51 AM

How do I setup a user to see 2 stream but only has access to the tasks in 1.

Hi All,

I am needing to setup security rules to do the following:

A user needs access to 2 Stream in the Hub (Say Sales and Solutions).

In the one Stream (Sales) he can only view the Apps in the Hub.

For the other Stream (Solutions) he can view and manage the reload tasks via QMC.

Overall in QMC the user should only have access to the App and Tasks for the Solutions Stream.

So far I have managed to set the user up so that he can only se Apps and Tasks in QMC as well as both Streams in the Hub.

However I cannot seem to stop him from seeing the Sales Stream Tasks and Apps in QMC.

Is there a way to do this?

Thanks

John

4,948 Views
1 Solution

Accepted Solutions
korsikov
Partner - Specialist III
Partner - Specialist III
‎2014-11-21 10:27 AM

if needed I have expamle security rules

1. Allow user Atest read stream "Core" only in HUB

2. Allow user Atest read stream "test" both in QMC and Hub

3 Create rule to acces to section QMC

rule2.png

4. Aand allow access to resources to which it has permission to read

rule1.png

Certainly recommend instead of specifying a particular user in the rules make reference to a custom properties of users.

result.

I see a hub applications in both streams. and in the management console only applications from stream  "test", and tasks for these applications

View solution in original post

1,377 Views
9 Replies
korsikov
Partner - Specialist III
Partner - Specialist III
‎2014-11-21 09:34 AM

Oh, interesting task.

What rules will allow users to view applications in the console and the problem for them?

I would create 2 rules.

1. allow user read to stream's  in HUB

2. allow user read and reload app in QMC

need to pay attention to the default rules that can perform actions with applications if the user has permission to stream.

Try to make an example on its server. If you succeed, I will describe an example.

1,377 Views
0 Likes
Michael_Tarallo
Employee
Employee
‎2014-11-21 09:41 AM

Hi John,

Have you  looked at applying the appropriate context to the stream rule - when creating streams there is an associated access rule editor that displays - if you select Advanced you can choose to select where the rule is valid. Such as apply to the hub, qmc or both:

Give that a try and let us know.

Please mark the appropriate replies as helpful / correct so our team and other members know that your question(s) has been answered to your satisfaction.

Regards,

Mike Tarallo

Qlik

Regards,
Mike Tarallo
Qlik
1,377 Views
0 Likes
johnh
Partner - Creator
Partner - Creator
‎2014-11-21 09:48 AM
Author

In response to Michael_Tarallo

Hi Michael / Alexander,

Now that you point out the Hub / QMC / Hub and QMC option it all falls into place.

I think I got myself too buried in the security rules to consider that.

Thanks

1,377 Views
0 Likes
Michael_Tarallo
Employee
Employee
‎2014-11-21 09:51 AM

In response to johnh

Great - however I am still looking at providing you with a solid example - this is a good use case. I will update you with a solution shortly.

Mike

Regards,
Mike Tarallo
Qlik
1,377 Views
0 Likes
Michael_Tarallo
Employee
Employee
‎2014-11-21 10:27 AM

In response to johnh

Hey John - you may find this help topic sample example interesting - this may also be something you want to do:

Security rules example: Creating QMC organizational admin roles

This gets into more detail how you can define custom rules using the resource.resourcetype attribute and the QmcSection_* resource filter - with this combination - you can lock down almost anything and create custom roles that you assign to users.

Mike

Regards,
Mike Tarallo
Qlik
1,377 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2014-11-21 10:27 AM

if needed I have expamle security rules

1. Allow user Atest read stream "Core" only in HUB

2. Allow user Atest read stream "test" both in QMC and Hub

3 Create rule to acces to section QMC

rule2.png

4. Aand allow access to resources to which it has permission to read

rule1.png

Certainly recommend instead of specifying a particular user in the rules make reference to a custom properties of users.

result.

I see a hub applications in both streams. and in the management console only applications from stream  "test", and tasks for these applications

1,378 Views
Michael_Tarallo
Employee
Employee
‎2014-11-21 10:29 AM

In response to johnh

Oh one more thing, note that security rules are additive - that means even thought you created a new rule, another rule might override your new rule. So make sure to disable the other rules that may provide access to a resource, when your rule is trying to deny access to a resource etc.

Mike

Regards,
Mike Tarallo
Qlik
1,377 Views
johnh
Partner - Creator
Partner - Creator
‎2014-11-24 04:23 AM
Author

Hi Michael / Alex,

Thanks for you help. I have it working and now have a better understanding of security roles.

One thing I have found is that you need to properly plan and implement your Security Rules. Then of course you need to have some form of documentation / naming conventions so that others in you team can pickup where you left of. It is a lot more complicate that QV but I can see the benefits.

Cheers

1,377 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2014-11-24 04:56 AM

In response to johnh

For these purposes, I always mark my rules a  tag. So much easier to understand me and  other administrators  were  default rule and which were added later

p.s.

Add more questions. Security rules in the  Q Sernse server is a very interesting area that requires diligent study

1,377 Views
0 Likes