Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
rohitk1609
Master
Master

Sheet Level Access with Custom Property

Hi Developers:

I am trying to implement Sheet level security with custom properties:

I am mentioning the process I followed below step wise:

1. Disabled By default Stream access rule

2. Created a Custom Property @Stream_Access with resources type Stream and User and used as below :

((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

3. Created a Custom Property with resource type user and app and used as :

((user.@AppAccess="AppAccess" and resource.@AppAccess="AppAccess"))

4. Created another Custom Property @AccesstoSheet with resource type User with value "First" and assigned to my concern User:

5. Created a new security rule by following your solution:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and

(

(user.@AccesstoSheet="First" and resource.objectType="sheet" and resource.name="JzJMza")

))

Custom Property: @AccesstoSheet with value First and same assigned to concern user

JzJMza: it is the sheet id I got from developer hub ,single configuration and copied by URL


/single?appid=da505f68-dc87-4086-b86b-086c8a0f84ad&sheet=JzJMza&opt=nointeraction&select=clearall


Now when I login with my concern user and I have access to Stream then Application but there are no sheet is available there as Concern User don't have any sheet access.


Can you please help me to know what I am doing wrong and missing

1 Solution

Accepted Solutions
cdecluseau
Contributor III
Contributor III

Hi !

The resource.name is the real name of your sheet (ex. : "My dashboard").

If you want to work with the ID of the sheet, you should use resource.id.

You will find this ID in QMC / App Objects and add the ID column.

One more things :

You can simplify this ((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

with this ((user.@Stream_Access=resource.@Stream_Access))

=> User and Stream with the same @Stream_Access values will have access.

No need to create multiple values for "Assistant", then "xxx" and so on...

View solution in original post

4 Replies
cdecluseau
Contributor III
Contributor III

Hi !

The resource.name is the real name of your sheet (ex. : "My dashboard").

If you want to work with the ID of the sheet, you should use resource.id.

You will find this ID in QMC / App Objects and add the ID column.

One more things :

You can simplify this ((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

with this ((user.@Stream_Access=resource.@Stream_Access))

=> User and Stream with the same @Stream_Access values will have access.

No need to create multiple values for "Assistant", then "xxx" and so on...

rohitk1609
Master
Master
Author

Hi Christophe ,

You answered exactly what I was looking , Really appreciated.


I have tried to implement your solution and checked to App Objects and found every sheet has an resource id and we can use it instead of Name , Quiet enough , Now what is happening now I have written a code as below:


(user.name="Jarvis" and resource.objectType="sheet" and resource.name="Budget Analysis")

Then I have achieved what I want, I logged in with JARVIS and I found only Budget Analysis sheet is visible to Jarvis ,Now problem is when I open this Budget Analysis sheet I found there is no visibility of charts ,Its Blank or invalid visuals


When I try to write code as:

resource.id="TqwwFf"or resource.name="Sales vs Budget"

Sales vs Budget is one of the charts which are available on Budget Analysis sheet and TqwwFf is the Object ID the same chart  which I got from developer hub then single configurator .

but still no chart is visible

I wondered why Chart names are coming under app.object i.e Sales vs Budget in resource name even if they are not app objects because when I look at the app Object folder there only sheet names are available, Please explain this


Please provide me solution how can I see the visuals or charts when I restrict one sheet to one user and explain me what I am doing wrong if it is

cdecluseau
Contributor III
Contributor III

I know this issue too. It's when you disabling Stream security rules. If you look at this it, this rules says to give access to AppObject except loadmodel and app_appscript.

It seems to also disable some visual abality. I don't really understand.

It's better to create a new rule, based on the Stream rule. In this new rule you will add :

and resource.objectType != "sheet".

So every others object type will be allow except loadmodel, app_appscript and sheet.

The sheet visibility are managed by the new rule we spoke before.

rohitk1609
Master
Master
Author

HI Christophe,

I found one another very easy way , Almost the same you told me initially, We just need to modify the same security rule which we have written for restrict concern user JARVIS to one single sheet with OR condition as :

(user.name="Jarvis" or resource.objectType="masterobject" or resource.name="*")

It will give visual access to the concern sheet and it is working fine.

Please clarify below terms :

loadmodel  is the same which is data model schema ?

and

app_appscript. : ETL script we writes in scripting engine ?


what you mentioned this time same I found initially when I started working on it, I was confused why do I want to add resource.objectType != "sheet"  in  Stream access rule , I thought this should be in APP. Object  template, Please clarify with this in detail , how can I restrict any app object in stream access rule ?