Qlik Community

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

wallace0834
Contributor

Security rule - Sheet

At our company, we have an owner of a sheet that is unpublished. He would like to share this unpublished sheet with four employees. How would I write a security rule to accomplish this task as a Qlik Administrator?

I will provide an example of the security rule that I have already written; however, it provides more access to custom sheets other than just the one sheet.

((resource.id="0b4f3249-1c55-4ecc-959a-e06366939b10" and resource.App.HasPrivilege("read") and resource.objectType="sheet" and resource.published ="false" or user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3"))

5 Replies
jwjackso
Specialist III

Try this

 

(((resource.id="0b4f3249-1c55-4ecc-959a-e06366939b10" and resource.App.HasPrivilege("read") and resource.objectType="sheet" and resource.published ="false") and (user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3")))

I think having or user.name="John Doe" or user.name="John Doe2" or user.name="John Doe3" meant that the first half had to be true or any of those users had to be true.
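Added example (not part of the original thread, and not Qlik code): the two conditions above modelled as Python booleans and evaluated over constructed users and resources, to show which pairs the ungrouped version grants that the grouped one does not. It assumes the rule's resource filter matches every app object and that resource.App.HasPrivilege("read") is true for all sample users; "Jane Roe" and the "constructed-id-*" resources are made up.

```python
# Added example: the two conditions from the thread as Python booleans.
# Users and resources are constructed samples, not real Qlik data.
TARGET_ID = "0b4f3249-1c55-4ecc-959a-e06366939b10"  # sheet id from the thread
NAMED = ("John Doe", "John Doe2", "John Doe3")

def resource_check(res):
    # Assumption: resource.App.HasPrivilege("read") holds for every sample user.
    return (res["id"] == TARGET_ID and res["app_read"]
            and res["objectType"] == "sheet" and res["published"] == "false")

def original_rule(user, res):
    # Ungrouped: each user.name test is OR'ed with the whole resource check.
    return (resource_check(res)
            or user == "John Doe" or user == "John Doe2" or user == "John Doe3")

def grouped_rule(user, res):
    # Grouped as in the reply: resource check AND (one of the named users).
    return resource_check(res) and user in NAMED

RESOURCES = {
    "target sheet": {"id": TARGET_ID, "app_read": True,
                     "objectType": "sheet", "published": "false"},
    "other unpublished sheet": {"id": "constructed-id-2", "app_read": True,
                                "objectType": "sheet", "published": "false"},
    "published sheet": {"id": "constructed-id-3", "app_read": True,
                        "objectType": "sheet", "published": "true"},
    "bookmark": {"id": "constructed-id-4", "app_read": True,
                 "objectType": "bookmark", "published": "false"},
}
USERS = NAMED + ("Jane Roe",)  # constructed user who is not on the list

def grants(rule):
    # Every (user, resource) pair for which the rule condition is true.
    return {(u, name) for u in USERS
            for name, res in RESOURCES.items() if rule(u, res)}

def over_granted():
    # Pairs allowed by the ungrouped condition but not by the grouped one.
    return grants(original_rule) - grants(grouped_rule)

if __name__ == "__main__":
    for user, name in sorted(over_granted()):
        print(f"over-granted: {user!r} -> {name}")
```

The ungrouped condition errs in both directions: the named users match every resource the filter covers, and any user at all matches the target sheet.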

wallace0834
Contributor
Author

Thank you. After I wrote this security rule, John Doe, John Doe2 could see more unpublished sheets other than the one sheet. Would you have a better idea on how to write this security rule just to share one unpublished sheet for a couple of individuals?

jwjackso
Specialist III

What is the "Resource filter", Actions and Conditions of the security rule?

You can Audit the users to see which rules provide access to the App Objects.

wallace0834
Contributor
Author

Ok. I think I have somewhat figured it out. Our organization uses roles. Everyone who has the Consumer role can only see the one unpublished sheet, while employees who have a Contributor role see all of the unpublished sheets from the owner of this app. We do not want the Contributor, but to see only one unpublished sheet and not more. Is there a way to add to the existing security rule to exclude only them being able to see that one sheet?

You have been extremely helpful.

jwjackso
Specialist III

You may be experiencing the same thing that we encountered when we implemented Custom Properties. We initially had a property ADGroup that had developer (contributor) and user (consumer). When we tested the security rules, we found that if you were a developer for stream1 and were a consumer for stream2, you were able to develop in both streams. The rules appeared to use OR instead of AND when evaluating access to the stream/applications.

We had to create two custom properties: ADGroup, which granted access to streams/apps, and Developer, which identified you as a developer (contributor). This was the only way we could get the rule to perform AND logic.