Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
 mohan_1105
		
			mohan_1105
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hello Qliker's,
I'm trying to implement the sheet level section access to the application published on our client server. I created the security rule having the logic sheets name like "ZSM" shall only be displayed to the certain group and other shall view the sheets which doesn't have the sheet name like "ZSM".
I applied the following rule which isn't successful. Please review my security rule below,
((resource.id="App ID") and (user.@User_Type="Restricted User" and resource.name like "ZSM") or (user.@User_Type="Users" or resource.name!="Customer Analysis - ZSM" and resource.name!="Customer Details - ZSM" and resource.name!="Dashboard - ZSM" and resource.name!="Order Analysis - ZSM" and resource.name!="Target Analysis - ZSM"))
Please help, kindly help if I should follow any other steps in security rule.
Best Regards,
Mohan
 suhasinigm
		
			suhasinigm
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Mohan,
I think U have created only one Custom Property User_Type?.
1. Create a Custom Property User_Type with User and Stream as resource type.
and values will be Restricted_User and Unrestriceted_User.
Stream level User Access Rule will be:
((user.@User_Type=resource.@User_Type)).
2.Then Create a Custom Property AppLevelManagement with User and App as Resource Type.
and values will be Restricted and Unrestriceted.
First Disable the Default stream Rule ,then create new security rule for App.
((user.@AppLevelManagment=resource.@AppLevelManagment)).
Please make sure for users,streams and applications associated with the respective custom property.
,
 dionverbeke
		
			dionverbeke
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Did you disable the rule that gives access to the sheet if you have access to the stream?
Remember that Qlik is a positive security system: once you have access you have access...
Below a way to do it. There are other ways:
How to disable the generic rule:
1.Go on the QMC
2.Open the Security Rules section in the QMC.
3.Select the default generic rule called Stream. As explained before, this rule allows users to access all Streams.
4.After selecting this rule, tick the case “Disabled”.
UnRestrictedclient:
((resource.resourcetype = "App“and resource.stream.HasPrivilege("read"))
or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")
and resource.app.stream.HasPrivilege("read")))
and user.userDirectory != “RESTRICTEDCLIENT"
RestrictedClient:
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))
or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “RESTRICTEDSHEET") and user.userDirectory = “RESTRICTEDCLIENT")
Kind Regards,
 mohan_1105
		
			mohan_1105
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Dion,
Thanks for your time.
I recreated the rule as you suggested in RestrictedClient. The rule is working as expected. But I the restricted user couldn't able to view the charts which are on the dashboard already.
Also, Kindly verify my Resource filter and Actions shown below.
Below is the rule I wrote as suggested.
(resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))
or
((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name LIKE “*ZSM") and user.@User_Type="Restricted User")
or
((resource.resourcetype = "App.Object" and resource.published ="true" andresource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and (resource.name != “*ZSM") and user.@User_Type="User")
Best Regards,
Mohan
 suhasinigm
		
			suhasinigm
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Mohan,
I also faced the same issue ,
Inst-ed of writing 3 rules i wrote the below two separate rules for two groups :
Sheet Level:
Rule1: DomianGroup
Resource Filter:App.Object_*
((user.@Group="Domain" and resource.name="ZSM"))
Rule2: GlobalGroup
Resource Filter:App.Object_*
((user.@Group="Global" and resource.name!="ZSM"))
I hope it will solve your problem.
 mohan_1105
		
			mohan_1105
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Suhasini,
I disabled all the rules I created before for sheet level access and created the rule as you suggested. I wouldn't able to find the application in the stream.
Could you suggest what can be done after?
 suhasinigm
		
			suhasinigm
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Mohan ,
Is Application level Management working correct?,
have you assigned the application level custom property to Users.
 mohan_1105
		
			mohan_1105
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi,
Yeah, I have assigned the custom properties to all the users allocated.
Just the clarification, in the rule, you mentioned user.@Group is the customer prroperty you were mentioning right?
 suhasinigm
		
			suhasinigm
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Mohan,
Group is a custom property with User and stream resource type.
 mohan_1105
		
			mohan_1105
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi,
Could you tell me, how do I check the app level management is working?
 suhasinigm
		
			suhasinigm
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Mohan,
please refer this post till 9th step for Application Level Management.
