Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

lucienorrin
Contributor

Security Rule to allow users to reload published apps

I am trying to get a reload button working for Sense v3.2, I tried the following:

http://branch.qlik.com/#!/project/56728f52d1e497241ae69836

Create Reload button with Qlik Sense 3.0 - YouTube

Both work great for the app OWNER.

However we have a need to allow users to reload the app on demand.

After configuring the security rules according to the documentation, users still get an access denied error on reload with an incomplete visualization on the sheet.

Has anyone successfully been able to grant users permissions to reload published apps?

1 Solution

Accepted Solutions
marcos
New Contributor III

Re: Security Rule to allow users to reload published apps

I think the change you need in the rule is something like this:

Resource filter:

App_*,App.Object_*

Conditions

(((resource.resourcetype="App" and resource.stream.HasPrivilege("read")) or

(resource.resourcetype="App.Object" and resource.app.stream.HasPrivilege("read") and resource.objectType = "app_appscript")))

Context

Both in hub and QMC

Actions

Read,Update

15 Replies
balabhaskarqlik
Honored Contributor

Re: Security Rule to allow users to reload published apps

Action : Create, Read, Update, Publish

After the app is published, set up a reload Task in the QMC to reload the app on schedule.

lucienorrin
Contributor

Re: Security Rule to allow users to reload published apps

We know how to schedule reloads.

I specifically asked how to grant users the ability to reload the app on demand, not on a schedule.

marcos
New Contributor III

Re: Security Rule to allow users to reload published apps

I was testing the new version of ReloadButton extension too with same problem than you.

I could solve it by making a little change in Security Rule proposed at documentation:

Resource filter:

App_*,App.Object_*

Conditions

(((resource.resourcetype="App" and resource.stream.name="Everyone") or (resource.resourcetype="App.Object" and resource.app.stream.name="Everyone" and resource.objectType = "app_appscript")))

Context

Both in hub and QMC

Actions

Read,Update

See the text remarks at Resource filter, Conditions and Actions.

axl_raioam
New Contributor II

Re: Security Rule to allow users to reload published apps

Edit: The issue was that the load script tried to access content that the user didn't have access to. When that was removed, it ran perfectly.

I am unable to let non-owner users reload using this method.  My Security Rule parameters are:

Resource filter:

App_*,App.Object_*

Conditions:

((resource.resourcetype="App" and resource.stream.name="Test") or (resource.resourcetype="App.Object" and resource.app.stream.name="Test" and resource.objectType="app_appscript"))

Context:

Both in hub and QMC

Actions:

Read, Update

lucienorrin
Contributor

Re: Security Rule to allow users to reload published apps

Thanks for the feedback!

Using the rules shown I can get the button to work, but limited to apps within the stream named in the rule.

I need to allow any user to reload any app in any stream they can 'read'.

The following rule doesn't work:

Resource filter:

App*

Conditions:

(resource.stream.HasPrivilege("read"))

Context:

Both in hub and QMC

Actions:

Read, Update

Wouldn't this rule apply to all objects within a stream the user can read?

Thanks!

marcos
New Contributor III

Re: Security Rule to allow users to reload published apps

I think the change you need in the rule is something like this:

Resource filter:

App_*,App.Object_*

Conditions

(((resource.resourcetype="App" and resource.stream.HasPrivilege("read")) or

(resource.resourcetype="App.Object" and resource.app.stream.HasPrivilege("read") and resource.objectType = "app_appscript")))

Context

Both in hub and QMC

Actions

Read,Update

lucienorrin
Contributor

Re: Security Rule to allow users to reload published apps

Marcus,

Thank you! That works perfect.

I went back through my notes and I had tried that combination but had mistakenly added "=" after the second HasPrivilege. I wish I would have caught that a week ago. Oh well, it works now.

Is there a functional difference using "App*" vs "App_*,App.Object_*"?

marcos
New Contributor III

Re: Security Rule to allow users to reload published apps

"App*" is wider than the other options.

"App*" is for all resources types beginning with "App".

"App_*" is for all resources of the type "App"

"App.Object_*" is for all resources of the type "App.Object"

See https://help.qlik.com/en-US/sense/June2017/Subsystems/ManagementConsole/Content/rules-resource-filte...

In this case, you can use at resource filter section the option "App*" or even only "App_*". "App.Object_*" is not necessary in this case and so, the users could not modify the script.

nakamurasatc
New Contributor

Re: Security Rule to allow users to reload published apps

Hi, Marcos.

Thank you for the solution.

Just to make sure, is it for not Sense Desktop but Sense Desktop?

I mean the Reload extension doesn't work on Desktop June2017.


Thank you,

Satoshi

Community Browser