Qlik Sense documentation and resources.
When utilizing QlikSense, Sheet Level Security can be achieved through Security Rules via the QMC.
Background:
My suggested approach to implementing Sheet Level Security is to create four new Security Rules after disabling the default rules. It involves a User Directory with properties for the Company, Application, and Sheets. Custom properties in the QMC will need to be created to contain the same User Directory property values.
Custom properties are created, in the QMC, and assigned to the individual Applications and Streams. This allows for a general approach to handling an expanding list of Companies and their various Applications. As the number of Applications and Companies grow, the User Directory Properties and Custom Properties will both need to be updated to grant access to the new applications and the application's sheets.
**Note** Please disable the default rules, please do not delete them.
Security Rule to Disable is the Stream rule...
Rule Name = Stream
Resource Filter = App*
In the example below, I am utilizing a user directory that has user properties. It identifies an individual directory to apply the security rules to. If you have multiple user directories, you will need to include them in the rule or create seperate rules for them.
Create four new rules for Streams, Applications, Sheets, and Non-Sheet Application Objects.
1) Rule for Streams
((
user.userDirectory="Specific User Group"
and user.company=resource.@Company
))
2) Rule for Applications
((
resource.resourcetype = "App"
and user.userDirectory="Specific User Group"
and user.company=resource.@Company
and user.applications=resource.@Applications
and resource.stream.HasPrivilege("read")
))
3) Rule for Sheets
((
user.userDirectory="Specific User Group"
and resource.objectType="sheet"
and user.sheets=resource.name
))
4) Rule for Non-Sheet Application Objects
((
user.userDirectory="Specific User Group"
and resource.objectType!="sheet"
and resource.objectType="bookmark"
or resource.objectType="appprops"
or resource.objectType="bookmark"
or resource.objectType="dimension"
or resource.objectType="embeddedsnapshot"
or resource.objectType="GenericVariableEntry"
or resource.objectType="listbox"
or resource.objectType="masterobject"
or resource.objectType="measure"
or resource.objectType="snapshot"
or resource.objectType="story"
))
Nice and clear. Now try modify Rule for give access to sheet on diffirent apps
For the written approach, I went a top down approach.
Stream then App then Sheet then Non Sheet Application Object.
For your approach, I would go Bottom Up.
Sheet then App then Stream
The rules would establish application access based on the sheet name due to not knowing which exact application or streams those Sheets exist in.
Note: .HasPrivilege("read") on the Application and Stream would be removed or returned true when the Application contains one or more of the Sheets.
The following logic would be what determines the application and stream access.
resource.objectType="sheet"
and user.sheets=resource.name
Hi bef,
Could you please explain how many custom properties with what resource type need to create.
Is this user property is the custom property name with values Company, Application, and Sheets?
What resource type need to select for this user property. Please let me know.
Thanks in advance.
Hi Bef,
If we have an app and user's are able to create sheets, how can we secure the sheets so that just the creator of those sheets sees them? In our case, when users create their sheets under an APP and save it. All of those sheets are visible to everyone under the My Sheets section. How can I set this up in such a way personal sheets are accessible to the creators only?
Appreciate your help.
Thank you,
Ilyas
Hi Bef,
Very clear explanation. I have created mysheet and published. However, other users cannot see mysheet in Community. They can only see Public sheets and My sheets, but not Community sheets. Any idea?
@kabir_rab recently published a great post with clear demonstration of how to secure specific sheets within applications. He walks through how security levels work and how to enhance the standard out of the box rules to add sheet level security. If democratizing data across the organization is your goal then this level of security granularity is going to be a must. Be sure to check his post out.
http://dataonthe.rocks/sheet-restrictions-with-security-rules/