3 Replies Latest reply: Feb 28, 2017 10:04 AM by omar bensalem RSS

    User role to create bookmarks and stories in a published app

      Hi

       

      We are creating custom security rules by verifying this document. https://help.qlik.com/sense/en-US/online/index.html#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Configur…

       

      In this link it mentoned to create Developer, Contributor and Consumer role which we liked it. We want to extend rule for consumer. Right now consumer is allowed to view only but we want to extend it and have users in Consumer role create bookmarks, stories but not create sheets in the existing app ? Is that possible to write a rule.

       

      App.Object_Story, App.Object_bookmark ? Are these availabke ?

       

      Can you please let me know

       

      Thanks

        • Re: User role to create bookmarks and stories in a published app
          alexander korsikov

          yeah! my favorite kind of questions.

          create sec rule as my screenshot

          Name

          client can create all app object but not sheet

          Resource Filer

          App.Object_*

          Condition

          !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate"  or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous() and  user.@usertype="Customer"

          Action

          Create

          Rule1.png

            • Re: User role to create bookmarks and stories in a published app

              Thanks for the reply. It worked for bookmarks and also for creating stories but snapshot icon is missing. Expanded bookmark and create bookmark icon appeared and also for stories.

               

              Below is the header crumb screenshot

               

              Thanks

              • Re: User role to create bookmarks and stories in a published app
                omar bensalem

                Hi Alexander,

                 

                I'm currently trying to prevent all the users I have from editing or creating sheets in a published app !

                Only the Administrator is able to do so;

                 

                Here's what I did :

                I disabled a rule called: CreateAppObjectsPublishedApp

                 

                copied it and created a new rule :

                 

                filter : App.Object_*

                create- update

                 

                rule:

                !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and user.name="Administrator"

                 

                 

                But nothing happens, all of the users still can edit and create sheets in published apps.

                 

                what am I missing?