
QlikSense Security Rule - Update published apps to some users

Hi Dear Qlik Community

I'm trying to create a Security Rule to grant access to update published apps to some users (like executive users). I copied the Stream Default Security rule to make the new rule, but it does not work.

The rule has the following properties

Resource filter: App*

Actions: read, update

Condition:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin" ) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

Additionally, I created an additional rule for normal users (only read)

Resource filter: App*

Actions: read

Condition:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup != "Admin" ) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

Additional info:

1) The standard Stream Security Rule was disabled

2) I created a Custom Property for user and apps, with values "Admin"

3) The users that need to update the published apps have the custom property "Admin"

4) One of the "Admin" users is the app owner

The problem is that all users can update the published apps

3 Replies
YoussefBelloum
Esteemed Contributor

Re: QlikSense Security Rule - Update published apps to some users

Hi,

I'll try to redo all this and see what's the problem here

Employee

Re: QlikSense Security Rule - Update published apps to some users

I'd break out your selection criteria into logical parts. Example:

Before:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and user.@UserGroup = "Admin" ) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

After:

((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))) and user.@UserGroup = "Admin"


Or you could just separate out the update functionality to a separate rule. Since rules are additive then it will add on to the previously configured permissions. That's generally easier than managing two different rules.

Why do you want the update right? To expose the DLE? Expose the data model?
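The grouping difference between the Before and After conditions in the reply above, as an added example that is not part of the original thread and is not Qlik's rule engine. It is a simplified Python model in which rules are additive; the `stream_read` flag, the sample users and the `sheet` object are constructed assumptions.

```python
# Added example: simplified model of additive rule evaluation, NOT Qlik's engine.

def stream_read(res):
    # Stand-in for resource.stream.HasPrivilege("read") (assumed precomputed flag).
    return res.get("stream_read", False)

def app_branch(res):
    return res["resourcetype"] == "App" and stream_read(res)

def object_branch(res):
    return (res["resourcetype"] == "App.Object"
            and res.get("published") == "true"
            and res.get("objectType") not in ("app_appscript", "loadmodel")
            and stream_read(res))

def is_admin(user):
    return user.get("UserGroup") == "Admin"

def before(user, res):
    # Group test sits inside the App branch only; the App.Object branch has none.
    return (app_branch(res) and is_admin(user)) or object_branch(res)

def after(user, res):
    # Group test wraps both branches.
    return (app_branch(res) or object_branch(res)) and is_admin(user)

def reader(user, res):
    # Read-only rule from the first post; missing property counts as != "Admin" (assumption).
    return (app_branch(res) and not is_admin(user)) or object_branch(res)

def granted(rules, user, res):
    """Union of actions from every matching rule (rules are additive)."""
    actions = set()
    for rule_actions, condition in rules:
        if condition(user, res):
            actions |= set(rule_actions)
    return actions

# Constructed sample users and resources.
ADMIN, NORMAL = {"UserGroup": "Admin"}, {}
APP = {"resourcetype": "App", "stream_read": True}
SHEET = {"resourcetype": "App.Object", "published": "true",
         "objectType": "sheet", "stream_read": True}

if __name__ == "__main__":
    for label, cond in (("before", before), ("after", after)):
        rules = [(("read", "update"), cond), (("read",), reader)]
        for res in (APP, SHEET):
            print(label, res["resourcetype"], sorted(granted(rules, NORMAL, res)))
```

In this model the Before condition gives a user without the `Admin` value `update` on the published App.Object, while the After condition leaves that user with `read` only.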

Partner

Re: QlikSense Security Rule - Update published apps to some users

Hi ltu

I created one Rule with the following attributes


Name: Stream Admin

Resource filter: App*

Actions: read, update

Condition:

((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))) and user.@UserGroup = "Admin"


This rule worked fine for me, but I need an extra rule for the users that do not have the custom property UserGroup = "Admin"; the rule will be used for the "reader" users on published Apps. I tried with this:

Name: Stream Reader

Resource filter: App*

Actions: read

Condition:

((resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@UserGroup.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))


But it does not work; the users that do not have the custom property UserGroup = "Admin" can edit the Published App