Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Anonymous
Not applicable
‎2017-06-13 08:08 PM

Restricting user access to specific sheets

I'm attempting to get sheet level security working.

I'm following this:

Sheet or App Object Level Security Qlik Sense

sort of...

I've disabled the default Streams rule, and created my own, which specifically excludes a user group based on a custom property.

When I view associated rules to the sheet in particular for a member of the group for whom I am attempting to restrict access, I see that the disabled rule is still associated, but when I edit it, the disabled check is still there.

My custom rule is the only other rule that shows up in the list of associated rules.

I am attempting to remove access to all sheets with the word 'Admin' in them. I've tried various permutations of resource.name Like, =, !=, "Admin*", etc etc.

I gave up, and am now attempting to restrict access to the TWO sheets that specifically exist.

I have created the rule for:

App.Object_*

read is the only checked box

Conditions:

((user.@UserType="MyGroup") and (resource.name!="Admin: Issued Reward Details" or resource.name!="Admin: Issued Rewards Summary"))

Which I interpret to mean ALL app objects that are NOT these two named sheets, and it gives read access.

when I audit the rule, I still see that I can access these sheets. For good measure, I attempted to log in, and with a test user, I can still see the sheets that I should not be able to see.

Any guidance would be fantastic.

6,254 Views
0 Likes
2 Replies
Levi_Turner
Employee
‎2017-06-26 02:57 PM

01135579.png

For this particular implementation this style of rule is working with success:

  • Disable Stream
  • New rule:
    • Name: Stream (Sheet Exception)
    • Filter: App*
    • Action: Read
    • Condition: (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or (((resource.resourcetype = "App.Object" and (resource.published ="true" and resource.name != "Exclusion Test")) and resource.app.stream.HasPrivilege("read")))
    • Context: Both

The bolded portion can be ported over to be customized or expanded (e.g. (resource.name != "1" and resource.name!="2"). The method of using a custom property will unfortunately not work since custom properties cannot be applied to app.objects. Likewise, there is no NOT LIKE operator so wildcards will not be able to be leveraged.

5,812 Views
0 Likes
Levi_Turner
Employee
‎2020-08-26 12:46 PM

In response to Levi_Turner

Since I've just been alerted to this thread from a colleague, I'd like to correct an inaccurate element here:

@Levi_Turner wrote:

The bolded portion can be ported over to be customized or expanded (e.g. (resource.name != "1" and resource.name!="2"). The method of using a custom property will unfortunately not work since custom properties cannot be applied to app.objects. Likewise, there is no NOT LIKE operator so wildcards will not be able to be leveraged.

While there is no NOT LIKE operator itself, there are NOT and LIKE which can be combined like so:

!((resource.name like "*exampleString"))

 

4,371 Views
0 Likes
Top