Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Martin22
Partner - Contributor III
Partner - Contributor III
‎2022-03-15 04:01 AM

Stream Security Rule

Hi there,

I am trying to implement something on Qlik Sense to help users, but I haven't find a solution yet : the goal is to create a stream where users can edit apps almost the same way they could in their personal work spaces.

I know that they are supposed to do so in their personal work spaces, and that there will always be things you can't do in published apps, but the objective here is to create a stream allowing multiple users to work (and back-up each other) on the same apps : they must be able to directly create and edit sheets, without the need to get the sheets approved by an admin.

I have read multiple posts on the subject, but I didn't find an exact answer to what I need :

I succeeded in allowing users to edit the apps by creating a security rule with the App_Objects (and create, read, update, publish, delete selected), but as a result I can edit the apps everywhere, and I would like to restrict this to only one stream.

Adding conditions such as : (resource.resourcetype = "Stream" and resource.name = "StreamName") doesn't work.

Can you please tell me what I'm missing ?

Regards,

Martin.

Labels (1)
Labels
1,276 Views
0 Likes
1 Solution

Accepted Solutions
Martin22
Partner - Contributor III
Partner - Contributor III
‎2022-03-21 11:08 AM
Author

Hi,

It's finally working.

In the end, I had to create two rules :

-First rule with Stream_Id as resource filter, Read Update and Publish as selected, and user.role=AdminRole as condition (I switched name for role, to make it easier to manage users).

-I then created a second rule with both Stream_Id and App.Object_* as resource filters, Read Update and Publish as selected, and ((resource.App.stream.name="StreamName")) as condition.

The reason the test user couldn't see any sheets was because the security rule Stream had been disabled.

Regards,

Martin.

View solution in original post

1,164 Views
0 Likes
6 Replies
rohitk1609
Master
Master
‎2022-03-15 09:50 AM

You should create three rules 

Stream, apps and app objects template and then try.

Update is the action you need for sure but please check Update won't enable any other object edit way.

You can try to use custom properties to simplyfy your rules

 

resource.resourcetype = "Stream"  rule won't affect on HUB. You have to deal with Apps objects rule with stream name. 

 

Regards,
Rohit

 

1,231 Views
Sivapriya_d
Creator
Creator
‎2022-03-15 10:46 AM

you can try creating one rule for Stream and one for Appobjects.
Stream Security Rule
In the resource filter you can give Stream_<StreamID>
For Appobject rule , In condition you can mention something like 
resource.App.stream.name = "StreamName"

1,225 Views
Martin22
Partner - Contributor III
Partner - Contributor III
‎2022-03-16 05:01 AM
Author

Hi,

Thx for the replies, here is what I did :

-I created a first rule with Stream_Id as resource filter, Read Update and Publish as selected, and user.name=UserName as condition.

-I then created a second rule with App.Object_* as resource filter, Read Update and Publish as selected, and ((resource.App.stream.name="StreamName")) as condition.

I got what I wanted on the SharedWorkStream, my test user can create and edit sheets in the apps.

However, in the other streams, where users should only be able to read apps, the test user can't see the sheets in the apps anymore. The test user is also able to create and edit new sheets in these apps, where he shouldn't be able to.

I guess I'm still missing a part in my rules, do I need to create a new rule limiting to "read" for apps outside of the ShareWorkStream, or should I edit the two rules with something else ?

Regards,

Martin.

1,210 Views
0 Likes
Sivapriya_d
Creator
Creator
‎2022-03-17 11:44 AM

Did you check the associated security rules for the other streams? 

1,190 Views
Martin22
Partner - Contributor III
Partner - Contributor III
‎2022-03-17 12:05 PM
Author

In response to Sivapriya_d

Yes, there is nothing special on the other stream : the default rules (OwnerPublishDuplicate, SecurityAdmin, ContentAdmin), and a "read" rule I put for my test user.

Regards,

Martin.

1,188 Views
0 Likes
Martin22
Partner - Contributor III
Partner - Contributor III
‎2022-03-21 11:08 AM
Author

Hi,

It's finally working.

In the end, I had to create two rules :

-First rule with Stream_Id as resource filter, Read Update and Publish as selected, and user.role=AdminRole as condition (I switched name for role, to make it easier to manage users).

-I then created a second rule with both Stream_Id and App.Object_* as resource filters, Read Update and Publish as selected, and ((resource.App.stream.name="StreamName")) as condition.

The reason the test user couldn't see any sheets was because the security rule Stream had been disabled.

Regards,

Martin.

1,165 Views
0 Likes