Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I have been using this : https://support.qlik.com/articles/000046777
As a guide so that I can disable a lot of data connections for basic users in our Enterprise environment.
When I point the rules at a specific group like this:
((resource.type!="folder") and (user.group!="QlikConsumer"))
&
((resource.type!="folder" and resource.type!="Custom") and (user.group="QlikConsumer"))
It works like in the guide, but when I change the rules on the user.group portion to point at user.@User_Groups which is our basic User Group property, the rule doesn't work, I also tried pointing at resource.@User_Groups as well.
I would think that pointing it at the user.@User_Groups would see that a user is in the group of that Custom Property and restrict access but it doesn't. Am I applying the properties incorrectly?
Currently I am in QA and I haven't applied any property to any data connections yet, and I thought that could be an issue, but I'd think using the user.@ would make it so I don't have to use the resource.@
In prod we will have Admins use custom properties on their data connections, but I want to ensure I have working rules that are validated. Any input is appreciated.
I need to add the reason I want to use (user.group!=user.@User_Groups) is that we us AD groups, and drop that AD Group name in to the User_Groups property so that we can use custom properties without having to tag every individual user.
Are you trying to say if a user is in a @user_Group, don't allow folder access?
If so, I tested this and it works:
((resource.type!="folder") and (!user.@User_Group like "*"))
@Trey Smith , it is multi-fold, the no folder access is one of the default rules, so the intent is to keep that, and limit our base users to only be able to create ole db, odbc, web file and drag and drop connections, hence the no custom connectors, while allowing our developers and admins the ability to do everything else with regards to data connections.
The linked Qlik Sense Support knowledge effectively shows the results needed.
I am trying to apply your recommendation, and I am not sure it is working with the two rules combined.
I need to add the reason I want to use (user.group!=user.@User_Groups) is that we us AD groups, and drop that AD Group name in to the User_Groups property so that we can use custom properties without having to tag every individual user.