My suggested approach to implementing Sheet Level Security is to create four new Security Rules after disabling the default rules. It involves a User Directory with properties for the Company, Application, and Sheets. Custom properties in the QMC will need to be created to contain the same User Directory property values.
Custom properties are created, in the QMC, and assigned to the individual Applications and Streams. This allows for a general approach to handling an expanding list of Companies and their various Applications. As the number of Applications and Companies grow, the User Directory Properties and Custom Properties will both need to be updated to grant access to the new applications and the application's sheets.
Security Rule to Disable is the Stream rule...
Rule Name = Stream
Resource Filter = App*
Rule for Sheets
Filter = App.Object_*
Suggested Logic = Identify a group of QlikSense Users who meet the criteria to access the sheets.
The Object must be a sheet
The Users must have the user property of sheets that matches the Sheet Name