13 Replies Latest reply: Jul 12, 2017 5:41 AM by Armand Frigo RSS

    How to limit stream visiblity

      Hi All,

       

      I don't know if there was an option for this, but I would be interested to limit visibility of a stream.

      What I mean is:

      I have a multinode environment. I would like to create a stream (and publish apps in that stream) which is only visible if I go to the slave node hub (or central node, but only one of the access points) access point.

      Would be a solution for this limitation?

       

      Thanks,

      G

        • Re: How to limit stream visiblity
          Jeffrey Goldberg

          Gergo,

           

          Security rules are the best way to implement what you are trying to do here.  Traditionally, security rules for streams are tied to users, thus, the user that logs in sees the streams they have access to see.

           

          When it comes to multi-node, I can think of a number of ways to get to the result you are envisioning.

           

          1.  Use a virtual proxy to drive users to a specific node where the app is loaded.

          2.  Use security rules to make an app available on a specific node.

           

          You may be able to use security rules to make a stream available on a specific node, but I think it may be a more complicated rule than the options above.

           

          Jeff G

            • Re: How to limit stream visiblity
              Paul Steinborn

              Hi Jeffrey,

              how can be your second solution "2. Use security rules to make an app available on a specific node." implemented?

               

              I tried to use :

              Ressource Filter :      App_XXX

              Actions :                   read

              Conditions :              (node.name="node_a")

               

              but it does not work

            • Re: How to limit stream visiblity

              Hi Jeff,

               

              Thanks for your answer.

              The first solution looks good to me. Could you help me/point me towards the solution?

               

              Any help would be appreciated

               

              Thanks,

              G

              • Re: How to limit stream visiblity

                Hi Jeff,

                 

                Thank you very much for the links. I have had a look at them, but still can't work out how could I add a stream to a virtual proxy... can't find out how to llimit the access of the stream to one server. I want this stream to only be visible if i login to serverA\hub but not when I login serverB\hub - obviously I have a multinode envirinment with 1 central node and 1 slave node.

                • Re: How to limit stream visiblity

                  Jeff,

                   

                  Thank you very much for your help.

                  I had a look at these filters, I can't find them in the security rules... Only can see user, strem and stream.name.

                  How can I filter bu these resources.

                   

                  Sorry for the basic question but this stuff is quiet new for me.

                   

                  Thank you,

                  G

                    • Re: How to limit stream visiblity
                      Jeffrey Goldberg

                      Gergo,

                       

                      When it comes to security rules it very quickly becomes not a basic question.  For the rule you are going to try to build you are going to need to use the advanced editor instead of the basic ui seen in security rules.  The best thing to do is to start by looking at the default security rules that exist in the QMC.  Virtual Proxy is a resource filter used in a couple of rules, one of them is the SecurityAdmin role giving them access to Virtual Proxies.

                       

                      So what you are going to want to do is specify a rule for a specific stream and identify the conditions in the appropriate way (samples here).

                       

                      So in theory something like :

                      resource.resourcetype="Virtual Proxy" and resource.name="MyVirtualProxy" under the conditions for the stream rule will work.  You will likely want to supply an attribute for a user group as well because in this case anyone who comes in on the virtual proxy is going to see the stream, and you may not want that.

                       

                      Unfortunately, there is no simple answer for what you want to do.  I've given you some options that do simplify but you seem insistent on going down a specific path.  At this point, you are going to have to do some hunting to get to your final answer, but I'm happy to guide you along your journey.

                       

                      Please mark responses that have been helpful as such, and if you have additional questions feel free to add to this thread or private message me.

                       

                      jg

                        • Re: How to limit stream visiblity

                          Hi Jeff,

                           

                          Sorry to bother you again. I have had a look at the links - as far as I can see the resource can be only associated with the streams and not oposite. I would like to associate the stream to a node.
                          I have created an advanced condition:

                          ((resource.resourcetype="Virtual Proxy" and resource.name="TEST08 Proxy" and !user.IsAnonymous()))

                           

                          But it doesn't want to work. It's a test environment, if everyone can access that's not a problem. What I want to do first is to make the stream only visible on one of the nodes (TEST08).

                           

                          Could you give me an idea please what's wrong here?

                           

                          Many thanks,

                          G

                      • Re: How to limit stream visiblity

                        Jeff,

                         

                        Thank you for all your help. I wil ltry to play around a bit. Very useful links. I'll let you know how I am getting on.

                         

                        Regards,

                        G

                        • Re: How to limit stream visiblity

                          Hi All,

                           

                          If you wanted to something similar. Here's the answer from Qlik:

                          Stream can't be limited only apps can be.

                          So what I wanted to do is sort of impossible with the recent version (1.1) maybe in the future...

                           

                          Thanks for help

                            • Re: How to limit stream visiblity
                              Sean Smith

                              Has anyone seen an update on this?  Is the access still just tied to the user, so if the user has access to 1 of 5 streams  they only see the 1 stream no matter which node they logged into?  So essentially all nodes have all streams available, it's just up to the security rights of the user to see or not to see.

                              • Re: How to limit stream visiblity
                                Armand Frigo

                                Apparently the limitation is still there in 3.2 SR4.

                                 

                                I defined stream custom properties A & B to match with rim nodes A & B.

                                Since my user has access to all streams, but should see A streams on node A and B streams on node B.

                                This does not work sadly, user can see all streams on both nodes with a very frustrating behavior: B streams are empty on node A and A streams are empty on node B.

                                 

                                Node A is dedicated to IT managed apps and node B to Self-Service apps on our landscape.