Oh, interesting task.
What rules will allow users to view applications in the console and the problem for them?
I would create 2 rules.
1. allow user read to stream's in HUB
2. allow user read and reload app in QMC
need to pay attention to the default rules that can perform actions with applications if the user has permission to stream.
Try to make an example on its server. If you succeed, I will describe an example.
Have you looked at applying the appropriate context to the stream rule - when creating streams there is an associated access rule editor that displays - if you select Advanced you can choose to select where the rule is valid. Such as apply to the hub, qmc or both:
Give that a try and let us know.
Please mark the appropriate replies as helpful / correct so our team and other members know that your question(s) has been answered to your satisfaction.
Hey John - you may find this help topic sample example interesting - this may also be something you want to do:
This gets into more detail how you can define custom rules using the resource.resourcetype attribute and the QmcSection_* resource filter - with this combination - you can lock down almost anything and create custom roles that you assign to users.
if needed I have expamle security rules
1. Allow user Atest read stream "Core" only in HUB
2. Allow user Atest read stream "test" both in QMC and Hub
3 Create rule to acces to section QMC
4. Aand allow access to resources to which it has permission to read
Certainly recommend instead of specifying a particular user in the rules make reference to a custom properties of users.
I see a hub applications in both streams. and in the management console only applications from stream "test", and tasks for these applications
Hi Michael / Alex,
Thanks for you help. I have it working and now have a better understanding of security roles.
One thing I have found is that you need to properly plan and implement your Security Rules. Then of course you need to have some form of documentation / naming conventions so that others in you team can pickup where you left of. It is a lot more complicate that QV but I can see the benefits.