Stream Access for AD group when default stream rule is disabled
Hello Experts,
We have setup security and access using AD groups and Security Rules. This was done so that we can automate the access process and the admins don't need to be involved for access.
The security we have is setup at App level. So, people who have access to a stream can only see the apps which they have access to. To make this happen, we had to disable the default rule called "Stream".
Now, we want to create a stream and give an AD group access to the stream and everything within the stream. This way whoever is added to the AD group has access to all the apps published within the stream. This is possible when I enable to default Stream rule, but it would break the app level security. Is there a way to write a rule specific to the steam with all apps without having to enable the default stream rule?
Give access to the stream Give access to the app provided access to the stream in a single stream Give access to all the appobjects (sheets, bookmarks, stories, etc) in that app
(resource.resourcetype = "Stream" and resource.stream.name="ThisIsTheStreamName") and ((resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.stream.name="ThisIsTheStreamName") or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))
ok, that's great. How can I tie an AD group to this rule since we would like a particular AD group or a few to access this stream in such a way. Just have an 'AND' statement with the ad group at the end?
