Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello Experts,
I want to allow only few users to reload some of the published apps (not all published apps).
I tried implementing the security rule mentioned by Qlik on this post. But now the 'Content Admin' users can also edit the name and other properties of the published apps.
I have created a Custom Property for the users
I have also created a Custom Property for the apps.
Only users who has custom property 'CanReload' = "Yes" should be able to reload the published apps that has custom peroperty 'AllowReload' = "Yes".
They should not be allowed to edit names or published app and should be able to reload.
Please advise what security rule changes should we apply?
Thank you in advance.
Thanks @rohitk1609
I want to allow this users to reload the published apps from the hub.
I am using following two rules which is working but it has also enabled users to be able edit app names of the published apps. Is there a way to disable that functionality?
Security Rule # 1
Name | Rule1 |
Description | Allow user to access load script of the published apps if that app has been assigned custom property 'AllowReload' = "Yes" |
Resource Filter | App.Object_* |
Actions | Read, Update |
Condition | ((resource.objectType="app_appscript" and resource.app.@AllowReload="Yes" )) and resource.app.HasPrivilege("read") |
Context | Only in hub |
Security Rule # 2
Name | Rule2 |
Description | Allow user to access load script of the published apps if that user has been assigned custom property 'CanReload' = "Yes" |
Resource Filter | App_* |
Actions | Read, Update |
Condition | resource.resourcetype = "App" and resource.Stream.HasPrivilege("read") and (user.@CanReload="Yes") |
Context | Only in hub |
When you say reload the app, is it for HUB or QMC?
If QMC, you need to create a new role and grant access of such tasks and app to users who has ustom property 'CanReload' = "Yes".
If you want to reload from HUB, you need to grant access of data load editor to such users. Try to enable UPDATE action at Apps Object level.
Thanks @rohitk1609
I want to allow this users to reload the published apps from the hub.
I am using following two rules which is working but it has also enabled users to be able edit app names of the published apps. Is there a way to disable that functionality?
Security Rule # 1
Name | Rule1 |
Description | Allow user to access load script of the published apps if that app has been assigned custom property 'AllowReload' = "Yes" |
Resource Filter | App.Object_* |
Actions | Read, Update |
Condition | ((resource.objectType="app_appscript" and resource.app.@AllowReload="Yes" )) and resource.app.HasPrivilege("read") |
Context | Only in hub |
Security Rule # 2
Name | Rule2 |
Description | Allow user to access load script of the published apps if that user has been assigned custom property 'CanReload' = "Yes" |
Resource Filter | App_* |
Actions | Read, Update |
Condition | resource.resourcetype = "App" and resource.Stream.HasPrivilege("read") and (user.@CanReload="Yes") |
Context | Only in hub |
If you enable the UPDATE action, user can alter your app. you should try to write rule on extension
I learnt the if you create a security rule with UPDATE action, then it will also enable updation of App Name, description, thumbnail, etc,. So I think I will leave the security rule as is. Thanks