How should I go forward to allow the Team Admin to publish application to replace an existing app.
When my TeamAdmin tries to do that she gets "The operation failed due to insuffient privleges.
My guess is that there is something wiht the:
in the rule:_gss – TeamAdmin Read Rights
That is causing the trouble.
I get the impression that it is the App.Objects that causes this issue. App objects do not have custom properties attached to them.
What do you guys think about this rule?
Resource filter: App.Object_*
user.group ="Qlik_Role_TeamAdmin") and
What I am trying to do is to allow updates to all App.Objects where the object lies in a app and stream with the correct QlikGroup custom property.
@vegar, Apps or app objects? Making it possible to publish apps for a team admin is a function of clicking the publish action in a security rule. You are correct that app objects do not get to use custom props. What kind of app objects are you trying to publish? Sheets, Stories, dims and measures? Have you looked at QMC Utilities? https://github.com/eapowertools/QlikSenseQMCUtility
Thank you for the reply jog
No I have only briefly been able to look into the QMC Utilities, but I don't think the QMC utilities will affect this issue.
My team admin have no problems publishing new apps to a stream, the problem occur when trying to re-publish an app into a stream.
My guess/impression is that you need to update App.Objects in order to republish an app.
The TeamAdmin Read Rights rule found in the iPortal-project is defined as below.
_gss – TeamAdmin Read Rights
user.group="QlikTeamAdmin" and user.group=resource.@QlikGroup
It do include both the Update-action and the App* resource filter, but the condition, user.group=resource.@QlikGroup, wont be valid for any App.Object because App.Objects do not have any QlikGroup custom property associated values. Thats why it is impossible to Re-publish an application as a team admin.
To solve this I believe we need to add a special rule for TeamAdmin handling App.Objects. The security rule I wrote in my previous comment i an attempt to write a complementary rule that should work together with both the TeamAdmin Read Righs, TeamAdmin QMC Sections and TeamAdmin Create Rights activated.
Is the TeamAdmin in your GSS setup allowed to republish apps? If so, do you use a different security rule setup than the iPortal- setup?
I do want to point out the GSS rules are a guideline and not the solution. If you want to enable a user to have publish capabilities in specific streams that is totally possible. That said, we do need to have a look at the rule and see if we can provide better guidance.