Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
pindelicato
Contributor III
Contributor III
‎2019-09-12 08:54 AM

Security rule works when pointed at specific group but not when point at the @Users custom property

I have been using this :  https://support.qlik.com/articles/000046777

As a guide so that I can disable a lot of data connections for basic users in our Enterprise environment.

When I point the rules at a specific group like this:

((resource.type!="folder") and (user.group!="QlikConsumer"))

&

((resource.type!="folder" and resource.type!="Custom") and (user.group="QlikConsumer"))

 

It works like in the guide, but when I change the rules on the user.group portion to point at user.@User_Groups which is our basic User Group property, the rule doesn't work, I also tried pointing at resource.@User_Groups as well.

I would think that pointing it at the user.@User_Groups would see that a user is in the group of that Custom Property and restrict access but it doesn't. Am I applying the properties incorrectly?

 

Currently I am in QA and I haven't applied any property to any data connections yet, and I thought that could be an issue, but I'd think using the user.@ would make it so I don't have to use the resource.@

 

In prod we will have Admins use custom properties on their data connections, but I want to ensure I have working rules that are validated. Any input is appreciated.

 

I need to add the reason I want to use (user.group!=user.@User_Groups) is that we us AD groups, and drop that AD Group name in to the User_Groups property so that we can  use custom properties without having to tag every individual user.

Labels (4)
Labels
623 Views
0 Likes
3 Replies
treysmithdev
Partner Ambassador
Partner Ambassador
‎2019-09-12 09:56 AM

Are you trying to say if a user is in a @user_Group, don't allow folder access?

 

If so, I tested this and it works:

((resource.type!="folder") and (!user.@User_Group like "*"))

 

Blog: WhereClause   Twitter: @treysmithdev
611 Views
0 Likes
pindelicato
Contributor III
Contributor III
‎2019-09-12 11:50 AM
Author

In response to treysmithdev

@Trey Smith , it is multi-fold, the no folder access is one of the default rules, so the intent is to keep that, and limit our base users to only be able to create ole db, odbc, web file and drag and drop connections, hence the no custom connectors, while allowing our developers and admins the ability to do everything else with regards to data connections.

 

The linked Qlik Sense Support knowledge effectively shows the results needed.

 

I am trying to apply your recommendation, and I am not sure it is working with the two rules combined.

594 Views
0 Likes
pindelicato
Contributor III
Contributor III
‎2019-09-12 12:06 PM
Author

In response to pindelicato

I need to add the reason I want to use (user.group!=user.@User_Groups) is that we us AD groups, and drop that AD Group name in to the User_Groups property so that we can  use custom properties without having to tag every individual user.

590 Views
0 Likes