Skip to main content

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

cancel
Showing results for 
Search instead for 
Did you mean: 
fabios
Contributor III
Contributor III

Allow users to update custom properties only in QMC

Hi all,

 

In our governed self-service setup, we would like to enable a subset of power users to manage app-level access autonomously.

 

To achieve that, we need to set up a security rule that allows a user to update only custom properties within the user window. They will need to have access to the user window, since app-level access is managed through a specific custom property, but they shouldn't be able to change the role of other users. 

 

Target user journey:

- Power user accesses QMC

- Power user navigates to "Users" section

- Power user updates value for custom property "AppLevelAccess"

- Power user has no way of updating user roles

 

Is this achievable?

 

Kind regards,

Fabio 

Labels (3)
3 Replies
Levi_Turner
Employee
Employee

You cannot demarcate by custom property values, i.e. custom property named foo with values of bar, bar1. But you can restrict by the definition (i.e. foo). For an example, see bullet point 9 onward in this https://github.com/eapowertools/qs-event-driven-cross-site-app-promoter

fabios
Contributor III
Contributor III
Author

Not sure I understand.

With your example, I can restrict updates to custom properties but not to users. I need to restrict updates in the "Users" tab, so that my power users can assign new custom properties, but not change someone's role.
Levi_Turner
Employee
Employee

With your example, I can restrict updates to custom properties but not to users. I need to restrict updates in the "Users" tab, so that my power users can assign new custom properties, but not change someone's role.

Yeah, not going to be possible.