Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Not applicable
‎2016-07-05 01:59 AM

Sharing app with specific users in stream

Hello,

Let's say a user is within a big department, they all have access to a stream.

This user wants to create an app and share it to specific users from this department, so if the app is published to that stream, not all users should be able to see it.

What are the possible options to achieve this in qliksense?

Do we have to create another stream for those users only (As this might lead to creating many streams and this is not desired by the client)

Is it through security rules? How?

Appreciate having a detailed clarification, as I'm new to qliksense admin part.

Thanks.

2,643 Views
0 Likes
5 Replies
arasantorule
Creator III
Creator III
‎2016-07-05 03:56 AM

Hi,

The users in the stream can have different access rights.

Few users can have only read rights, few users may have both read and publish while others may have only publish access to the stream. However, security cannot be changed to a specific app level in the stream.

More detailed explanations are available below

https://help.qlik.com/en-US/sense/1.1/Subsystems/Hub/Content/Hub/Streams.htm

https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Strea...

Thanks.

1,923 Views
0 Likes
Anonymous
Not applicable
‎2016-07-05 05:12 AM
Author

We did something similar to this by creating a custom property on each user. I.e. Organisation. We then had to modify the App* rule to include a clause that matches the resource owner's department with the current user's.

i.e.

resource.owner.@ORG = user.@ORG


There is a default rule: "Stream" which defines if you have access to the apps or not. I would disable the standard rule and create a new one. 


The following edit limits all streams so that you can only Read apps where your custom value Org is the same as the App owners custom value.


((resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

or

((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))

and

(resource.owner.@ORG = user.@ORG)

This is fairly crude though as this will effect all streams. A refinement would be to edit which streams this resource.owner clause applies to. I think the following limits this to the Sales Stream. Some testing would be needed. I have not added this clause to the App.Objects as these belong to the App.

(

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales")))

or

((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

)

1,923 Views
Not applicable
‎2016-07-05 06:11 AM
Author

In response to Anonymous

Okayy, I see your point Damian.

Do you know if that's also applicable on the sheet level?

I mean within a published app, that user wants to create his own sheet and then share/publish it to part of the users who have access to that app (all users have access to the app, but only some will see that specific sheet).

Will that be doable through the security rules?

Appreciate if you can explain how.

Thanks in advance.

1,923 Views
0 Likes
Anonymous
Not applicable
‎2016-07-05 06:17 AM
Author

In response to

I am pretty sure that if you extend the security rule to the App.Object clause this should work. i have not tested this one though. This will apply to any objects that have been created on a published application. Well in theory anyway.Again the example below is only applying it to hte stream sales. This is probably not required as it is covered in teh App clause.

(

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales")))

or

((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales"))

)

)

1,923 Views
Not applicable
‎2016-07-05 06:52 AM
Author

In response to Anonymous

I'll give it a try and update this thread (as you said logically it should work).

Really appreciate your help Damian and your follow up on my question.

1,923 Views
0 Likes