Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.
Just after upgrading Qlik Sense to the June 2018 release, we decided to implement a security rule that allows only users of a specific custom property to be able to export data.
After implementation, we tested on a table and we did not see the option to export anymore:
However, one of our most frequent users noticed that he was still able to export any data with a work-around that seems to us like a bug.
Whenever you right click on any object other than a table, you have the ability to convert it into a table by using the 'View Data' functionality.
When in this mode, you can simply right click again and export all data:
Is this a bug that still needs to be fixed or is there a way to make the security rule more complete?
Today I have upgraded a server, previously rules prevents a user with certain value in a custom property to export data, in June-2018 they can click 'View Data' and then 'Export Data'.
I tried disabling both: ExportAppData and ExportAppData_Custom.
The user, after closing all browsers and login again, still can do "View Data"->"Export Data".
Your assumption is correct! I disabled the default rule and made a fairly simple custom rule:
Selections made: App_* + Export Data box checked
Advanced conditions: resource.HasPrivilege("read") and (user.@Usertype="Developer")
In which the Developer is value within the custom property of @Usertpe we have created.
This is exactly what we are experiencing as well.
It seems like the new 'View Data' functionality creates a loophole in the existing security rules concerning exports.