Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
wallace0834
Contributor III
Contributor III
‎2021-04-22 02:43 PM

Security rule - Sheet

At our company, we have a owner of sheet that is unpublished.  He would like to shared this unpublish sheet to four employees.  How would I write a security rule to accomplish this task as a Qlik Administrator?

I will provide an example of the security rule that I have already written; however, it provide more access to custom sheet other than just the one sheet.

((resource.id="0b4f3249-1c55-4ecc-959a-e06366939b10" and resource.App.HasPrivilege("read") and resource.objectType="sheet" and resource.published ="false" or user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3"))

647 Views
0 Likes
5 Replies
jwjackso
Specialist III
Specialist III
‎2021-04-22 03:25 PM

Try this

 

(((resource.id="0b4f3249-1c55-4ecc-959a-e06366939b10" and resource.App.HasPrivilege("read") and resource.objectType="sheet" and resource.published ="false") and (user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3")))

I thing having  or user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3" meant that the the first half had to be true or any of those users had to be true.

618 Views
wallace0834
Contributor III
Contributor III
‎2021-04-23 11:38 AM
Author

In response to jwjackso

Thank you.  After I wrote this security rule, John Doe, John Doe2 could see more unpublished sheet other than one sheet.  Would you have a better idea on how to write this security just to share one unpublisheet for a couple individuals?

591 Views
0 Likes
jwjackso
Specialist III
Specialist III
‎2021-04-23 02:45 PM

In response to wallace0834

What is the "Resource filter", Actions and Conditions of the security rule?

You can Audit the users to see which rules provide access to the App Objects.

578 Views
0 Likes
wallace0834
Contributor III
Contributor III
‎2021-04-23 04:34 PM
Author

In response to jwjackso

Ok.  I think I have somewhat figured it out.  Our organization uses roles.  Everyone who has Consumer role can only see the one unpublish sheet while employee who have a Contributor role see all of the unpublish sheets from the owner of this app.  We do not want the Contributor, but to see only one unpublish sheet and not more.  Is there way to add to the existing security rule to exclude only them being able to see that one sheet?

You have been extremely helpful.

570 Views
0 Likes
jwjackso
Specialist III
Specialist III
‎2021-04-23 06:03 PM

In response to wallace0834

You may be experiencing the same thing that we encountered when we implemented Custom Properties.  We initially had a property ADGroup that had developer (contributer) and user (consumer).  When we tested the security rules we found that if you were a developer for stream1 and were a consumer for stream2, you were able to develop in both streams.  The rules appeared to use OR instead of AND when evaluating access to the stream/applications.

We had to create two custom properties, ADGroup that granted access to streams/apps and Developer that identified you as a developer(contributer).  This was the only way we could get the rule to perform AND logic.

557 Views
0 Likes