Solved: Security rule to allow reload of published apps th... - Qlik Community

lwp89 · ‎2021-09-13

Hello Experts,

I want to allow only few users to reload some of the published apps (not all published apps).

I tried implementing the security rule mentioned by Qlik on this post. But now the 'Content Admin' users can also edit the name and other properties of the published apps.

I have created a Custom Property for the users

Customer Property Name is 'CanReload'
Value is 'Yes'

I have also created a Custom Property for the apps.

Custom Property Name is 'AllowReload'
Value is 'Yes'

Only users who has custom property 'CanReload' = "Yes" should be able to reload the published apps that has custom peroperty 'AllowReload' = "Yes".

They should not be allowed to edit names or published app and should be able to reload.

Please advise what security rule changes should we apply?

Thank you in advance.

lwp89 · ‎2021-09-15

Thanks @rohitk1609

I want to allow this users to reload the published apps from the hub.

I am using following two rules which is working but it has also enabled users to be able edit app names of the published apps. Is there a way to disable that functionality?

Security Rule # 1

Name	Rule1
Description	Allow user to access load script of the published apps if that app has been assigned custom property 'AllowReload' = "Yes"
Resource Filter	App.Object_*
Actions	Read, Update
Condition	((resource.objectType="app_appscript" and resource.app.@AllowReload="Yes" )) and resource.app.HasPrivilege("read")
Context	Only in hub

Security Rule # 2

Name	Rule2
Description	Allow user to access load script of the published apps if that user has been assigned custom property 'CanReload' = "Yes"
Resource Filter	App_*
Actions	Read, Update
Condition	resource.resourcetype = "App" and resource.Stream.HasPrivilege("read") and (user.@CanReload="Yes")
Context	Only in hub

View solution in original post

rohitk1609 · ‎2021-09-15

When you say reload the app, is it for HUB or QMC?

If QMC, you need to create a new role and grant access of such tasks and app to users who has ustom property 'CanReload' = "Yes".

If you want to reload from HUB, you need to grant access of data load editor to such users. Try to enable UPDATE action at Apps Object level.

lwp89 · ‎2021-09-15

Thanks @rohitk1609

I want to allow this users to reload the published apps from the hub.

I am using following two rules which is working but it has also enabled users to be able edit app names of the published apps. Is there a way to disable that functionality?

Security Rule # 1

Name	Rule1
Description	Allow user to access load script of the published apps if that app has been assigned custom property 'AllowReload' = "Yes"
Resource Filter	App.Object_*
Actions	Read, Update
Condition	((resource.objectType="app_appscript" and resource.app.@AllowReload="Yes" )) and resource.app.HasPrivilege("read")
Context	Only in hub

Security Rule # 2

Name	Rule2
Description	Allow user to access load script of the published apps if that user has been assigned custom property 'CanReload' = "Yes"
Resource Filter	App_*
Actions	Read, Update
Condition	resource.resourcetype = "App" and resource.Stream.HasPrivilege("read") and (user.@CanReload="Yes")
Context	Only in hub

rohitk1609 · ‎2021-09-15

If you enable the UPDATE action, user can alter your app. you should try to write rule on extension

lwp89 · ‎2021-09-22

I learnt the if you create a security rule with UPDATE action, then it will also enable updation of App Name, description, thumbnail, etc,. So I think I will leave the security rule as is. Thanks

Security rule to allow reload of published apps that has a custom property value

Administration

Governance

Security