Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
wailengwoo
Partner - Contributor III
Partner - Contributor III
‎2018-10-26 02:54 AM

Security rule to manage stream access rule

Hi,

I created a new customised content admin role to segregate content admin users to manage their own resources. I need the custom content admin to be able to create new stream and manage the security access rule for the stream he/she created/owned. However the custom content admin is still able to edit the security rule for read-only streams although other sections within the stream remained as read-only. Has anyone done this before? Appreciate advise from the experts out there.

Here are the security rules i have created:

CustomContentAdmin

Resource filter - Stream_*,App*,ReloadTask_*,UserSyncTask_*,SchemaEvent_*,User*,CustomProperty*,Tag_*,DataConnection_*,CompositeEvent_*,Extension_*,ContentLibrary_*,FileExtension_*,FileExtensionWhiteList_*

Actions - Create, Read, Update, Delete, Export, Publish, Duplicate, Approve

Conditions:

((user.roles="CustomContentAdmin" and resource.app.@UserGroup=user.@UserGroup or resource.@UserGroup=user.@UserGroup))

CustomContentAdminStream  (Note: If I dont add this rule the custom admin will not be able to create new stream and only able to see and manage the stream he/she owned)

Resource filter - Stream*

Actions - Create, Read, Publish, Change owner

Conditions

((user.roles="CustomContentAdmin"))

CustomContentAdminRuleAccess

Resource filter - SystemRule_*

Actions - Create, Read, Update

Conditions

user.roles = "CustomContentAdmin"

and resource.category = "Security" and (resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}")

Thank you.

1,147 Views
0 Likes
1 Solution

Accepted Solutions
wailengwoo
Partner - Contributor III
Partner - Contributor III
‎2018-10-30 12:05 AM
Author

Resolved the issue by adding the following condition in bold in the rule

Rule name: CustomContentAdminStream

Resource filter - Stream*

Actions - Create, Read, Publish, Change owner

Conditions

((user.roles="CustomContentAdmin" and resource.owner.name=user.name))

View solution in original post

1,087 Views
0 Likes
2 Replies
wailengwoo
Partner - Contributor III
Partner - Contributor III
‎2018-10-30 12:05 AM
Author

Resolved the issue by adding the following condition in bold in the rule

Rule name: CustomContentAdminStream

Resource filter - Stream*

Actions - Create, Read, Publish, Change owner

Conditions

((user.roles="CustomContentAdmin" and resource.owner.name=user.name))

1,088 Views
0 Likes
korsikov
Partner - Specialist III
Partner - Specialist III
‎2021-05-13 04:48 AM

In response to wailengwoo

I have the same issue.

But i can't restrict access Custom user role to manage the security access rule for the stream he/she created/owned.

Rule allow access to  all Streams security rules or no one.

For example

Stream_TORulesAccess

Resource filter - SystemRule_*, Stream_*

Actions - Create, Read, Update,Delete

Conditions

 (user.roles = "Stream_TO" 
and (resource.category = "Security" and resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"))

 

its allow to create and edit secity rules for all streams

Stream_TORulesAccess

Resource filter - SystemRule_*, Stream_*

Actions - Create, Read, Update,Delete

Conditions

 (user.roles = "Stream_TO"  and resource.owner.userId=user.userId 
and (resource.category = "Security" and resource.resourcefilter matches "Stream_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"))

 

it's rule not works. 

Early thanks for any advice

648 Views