Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
ksasidhars
Creator
Creator

Need help on Streams 'n' Apps Access

Hi All -  We are on v2.1.1 and need help on the security rule for the below scenario - Could you please help in this!

Can you plz check if you got the procedure to allow FULL ACCESS to Stream and CONDITIONAL ACCESS to Apps in that Stream or let me know your thoughts on the same

Scenario -

Stream (holding App1, App2, App3& App4) has access to all 4 groups A,B,C,D

App1 to be accessed by A

App2 to be accessed by B

App3 to be accessed by C

App4 to be accessed by D

Thanks!

1 Solution

Accepted Solutions
Anonymous
Not applicable

Hope this helps. You need to create custom properties one belongs to streams and users. Another custom property belongs to App and users.

Each stream will have custom property value. For example lets say you created a custom property called StreamGroup. You have a stream called Testing. Create a value of Testing or  something that you can identify that it belongs to Testing stream in StreamGroup Custom property. Once you created assign that value of custom property to Stream. Same thing goes with App also.

Stream values and App values from custom property also applies to user profile. Once this is done you will create universal security rule

Disable Stream security rule in order to have below things work

Name of the Rule : UDR_Stream_StreamAccess_Group  (This will give access to Stream )

Resource Filter : Stream_*

Context: Hub

Conditions : ((user.@StreamGroup=resource.@StreamGroup))

Name of the Rule : UDR_Stream_App Default Rule  (This will give access to App to users and they can see all apps in  a stream)

Resource Filter : App*

Context: Hub

Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

Name of the Rule : UDR_Stream_App Custom Rule  (This will give access to specificApp to users. AppLevelMgmt  is custom property for apps. By default if you dont have any restriction in a stream then you dont assign any values to App. In a stream if you want maintain security for each app then you will assign values of that app and to users.)

Resource Filter : App_*

Context: Hub

Conditions : resource.stream.HasPrivilege("read") and ((user.@AppLevelMgmt = resource.@AppLevelMgmt ))

We learned it in a hardway to implement these.Security rules is different world to maintain. please test a lot before making available to users.

View solution in original post

7 Replies
Anonymous
Not applicable

Hope this helps. You need to create custom properties one belongs to streams and users. Another custom property belongs to App and users.

Each stream will have custom property value. For example lets say you created a custom property called StreamGroup. You have a stream called Testing. Create a value of Testing or  something that you can identify that it belongs to Testing stream in StreamGroup Custom property. Once you created assign that value of custom property to Stream. Same thing goes with App also.

Stream values and App values from custom property also applies to user profile. Once this is done you will create universal security rule

Disable Stream security rule in order to have below things work

Name of the Rule : UDR_Stream_StreamAccess_Group  (This will give access to Stream )

Resource Filter : Stream_*

Context: Hub

Conditions : ((user.@StreamGroup=resource.@StreamGroup))

Name of the Rule : UDR_Stream_App Default Rule  (This will give access to App to users and they can see all apps in  a stream)

Resource Filter : App*

Context: Hub

Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

Name of the Rule : UDR_Stream_App Custom Rule  (This will give access to specificApp to users. AppLevelMgmt  is custom property for apps. By default if you dont have any restriction in a stream then you dont assign any values to App. In a stream if you want maintain security for each app then you will assign values of that app and to users.)

Resource Filter : App_*

Context: Hub

Conditions : resource.stream.HasPrivilege("read") and ((user.@AppLevelMgmt = resource.@AppLevelMgmt ))

We learned it in a hardway to implement these.Security rules is different world to maintain. please test a lot before making available to users.

ksasidhars
Creator
Creator
Author

Thank you, Vamsi! for your time and reply on this. I did almost the same way and initially not working. So tried checking if any other workaround for this.

On again, Thank you!!

shraddha_g
Partner - Master III
Partner - Master III

I have done the same thing. It worked perfectly for Apps but then it is not showing any Sheets in those apps.

Do I need to change any other Security rule?

Not applicable

I am facing same problem as Shraddha, No sheets are visible from app.

shraddha_g
Partner - Master III
Partner - Master III

Hi Nitin,

It worked for me.

Can you explain the steps you followed?

kaldubai
Creator
Creator

Hi @Shraddha Gajare

im having the same problem as Nitin.

apps are showing but no sheets are visible.

so i followed the same exact thing above

1-i created two custom properties

** StreamGroup  for stream and users

value : Sale

**AppLevelMgmt for apps and users

no value at first try to give the user full access to apps.


2-i have a stream called Sales:

assigned  costume property value StreamGroup =Sale



3- Security Rules applied


1st

Name of the Rule : UDR_Stream_StreamAccess_Group  (This will give access to Stream )

Resource Filter : Stream_*

Context: Hub

Conditions : ((user.@StreamGroup=resource.@StreamGroup))

2nd

Name of the Rule : UDR_Stream_App Default Rule  (This will give access to App to users and they can see all apps in  a stream)

Resource Filter : App*

Context: Hub

Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

4-User 1

assigned  costume property value StreamGroup =Sale



do we have to apply another security rule for sheet level ??

Onyi_Nwabia-Robbins
Contributor III
Contributor III

For anyone who is still having issues with this, please make sure the two security rules that manage the app access are both for App* and NOT App_*. 

This will ensure the user has access to all app content and not just the app. 

I hope this helps.