Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Highlighted
Partner
Partner

How to remove the possibility for anonymous users to see objects in the applications created by the community.

interesting task. It is essential that anonymous users can not see the sheets, history, created and published by authorized users.

In QMC section 'appobjects' it's object maked as Approved ='not approved' and Published='published'

Help me find a rule allowing all users who have permission to read the application to see objects published by other users.

1 Solution

Accepted Solutions
Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Yippee!

I did it!

All the same, my idea was correct

My security rule "Stream"

Resorce filter  App*

condition

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true")  and resource.app.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

Context Both

Action Read

12 Replies
Not applicable

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Alexander,

Review the following rules:

CreateAppObjectsPublishedApp

Basically this rule allows users who have read privileges on an app can create sheets, stories, bookmarks, and snapshots as long as the user is NOT anonymous.  This is a default rule in Qlik Sense.


CreateApp

This rule allows all users NOT anonymous to create App resources.


OwnerPublishAppObject

Allows owners of their content to publish it.


There are some others but these are the main ones.


I should add that to remove anonymous from being able to read published resources you should be able to alter createAppObjectsPublishedApp rule by adding Read action as well as already selected Create.


jg

Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

Thanks for the answer.

You can specify how do I change a rule  CreateAppObjectsPublishedApp that would  anonymous user could not see the object issued to authorized users in a published application

Not applicable

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

I believe you only need to check Read to the rule.  Try it and see what happens when you log in as anonymous.  It's easy to change back if it doesn't work.

2015-08-12 10_28_23-Security rule edit - QMC.png

Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

What about the rule of "Stream"

I think that it is the rule allows anonymous users to read the applications and objects in these applications in the stream of "Everyone"

the essence of this rule - Allow to create these objects in the applications to authorized users. I do not understand what effect will the installation steps "read"

Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

I tried to change the rule as you suggested. Did not help. anonymous users access sheet created by an authorized user.

Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

have idea

change Stream rule

from it

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

to this

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true") or (resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="false" and  !user.IsAnonymous())  and resource.app.stream.HasPrivilege("read"))

something like that.

Not applicable

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

So let's back up.  Is this a change you want to make to only the Everyone stream or to any stream?  What you are putting is what I feel is a lot of extra stuff.  Let me play around and see what I can find.

jg

Not applicable

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

So Alexander I think I have something that may work.

I made the Stream Security Rule which is an App resource filter rule, a little different.  What I added is bold.

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.approved="true" and user.IsAnonymous()) and resource.app.stream.HasPrivilege("read"))

Try this and let me know how it goes.

jg

Partner
Partner

Re: How to remove the possibility for anonymous users to see objects in the applications created by the community.

For stream everyone. 

I have not tested my proposed security rule. not sure that the syntax is correct. I wanted to express the idea, and I think you understand it