Hello

I'm trying to map the following authorization logic using security rules & custom properties. There is a custom property BI_Rolle which contains the value "DevRolle".

A user with "DevRolle" in BI_Rolle should be able to:

- Create Sheets/Visualizations (using fields from the data model) on apps in his workspace

- Open Data Model Viewer in apps

- Publish and Duplicate his owns apps (in Hub and QMC)

- see and access only his own apps (in Hub and QMC)

A user with "DevRolle" in BI_Rolle should not be able to:

- Create apps

- Access data load editor and data manager in apps

- other apps than his own (in QMC)

I have excluded users with BI_Rolle = "DevRolle" from every other active Security Rule in the QMC and created the 4 new Security Rules which you can see in the attachment. Currently everything is working as it should but unfortunately the user is seeing all Apps in the QMC and not only his own apps. Does anyone know what I have to adjust in the existing rules so that the user only sees his own apps in the QMC?