9 Replies Latest reply: May 4, 2015 4:05 AM by Rajiv Maskara RSS

    Stream Persmissions

      Hi

       

      We have multiple apps in a stream. Can we maintain permissions for the users so that some users can see some apps and some can see ell apps

       

      Thanks

        • Re: Stream Persmissions
          Michael Tarallo

          Hello Vamisi - yes you can using our security rules:

           

           

          Let us know if you require more assistance - is this a trial of Qlik Sense Server? If so you can have your dedicated pre-sales architect assist you further. If you own Qlik Sense - you can open a support ticket with Qlik Support where they can also help you with this.

           

          Please mark the appropriate replies as CORRECT / HELPFUL so our team and other members know that your question(s) has been answered to your satisfaction.

           

          Regards,

          Mike Tarallo

          Qlik

            • Re: Stream Persmissions

              Thanks for quick reply. Once we create security rule. Do we assign this security to a stream or at the app level ?

                • Re: Stream Persmissions
                  Michael Tarallo

                  Quite welcome....actually security rules created take action on the resources you set in them. You don't apply a security rule to a resource. Some resources, such as streams - allow you to create rules directly on those objects, making it a bit easier to set security. Apps do not have that option.

                   

                  The rules you create will take in account the app and the user. So you could create a rule for each user and app combination. OR - you could create a custom property, assign that property to that user and then create a rule to secure apps for users who only have that property assigned. It is very flexible that way.

                   

                  Check out these videos to learn more:

                   

                  New to Qlik Sense Enterprise Server Videos

                   

                  https://community.qlik.com/docs/DOC-7144#qmc - Management Console Series

                   

                  Here are some sample examples some show assigning a custom property and using that property:

                   

                  http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_ConfiguringSecurity…

                   

                  http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_ConfiguringSecurity…

                   

                  This help document should also help you:

                   

                  http://help.qlik.com/sense/en-US/online/#../Subsystems/ManagementConsole/Content/QMC_Resources_Rules_Overview.htm?Highli…

                   

                   

                  Please mark the appropriate replies as CORRECT / HELPFUL so our team and other members know that your question(s) has been answered to your satisfaction.

                   

                  Regards,

                  Mike Tarallo

                  Qlik

                    • Re: Stream Persmissions

                      Thanks. I did create some rules earlier. To achieve this functionality its getting complex. Not sure if i am not able to do or creating rules and applying to resources is tough. Below are the steps that i followed

                       

                      1) Created stream called Sales. Imported 3 apps to the stream. App a, App b, App c

                       

                      2) I have userid abc in our QMC.

                       

                      3) Created a security rule using tempate App Access Rule as you mentioned.

                          ((user.name="abc")) and app.name="App a"

                       

                      Is this correct ? Can someone shed some light on this

                       

                      Thanks

                        • Re: Stream Persmissions
                          Michael Tarallo

                          Hello Vamsi:

                           

                          Is this a trial of Qlik Sense Server? If so you can have your dedicated pre-sales architect assist you further. If you own Qlik Sense - you can open a support ticket with Qlik Support where they can also help you with this.

                           

                          Please let me know - so I can help you get the support you need.

                           

                          Regards,

                           

                          Mike T

                          Qlik

                          • Re: Stream Persmissions
                            Rajiv Maskara

                            Hi Vamsi,

                             

                            What you are doing is correct. However there is one additional step that would be required.

                             

                            You would need to disable the default security rule called "Streams". This rule allows all users to have read access to an app if they have read access to a stream.

                             

                            So if you are trying to control the access of an app within a stream, you would need to disable this rule.

                             

                            Hope this helps.

                             

                            Regards,

                            Rajiv Maskara

                              • Re: Stream Persmissions
                                Vamsi Vandavasi

                                Thanks Rajiv. You are correct in missing step

                                 

                                I tested and it worked. we need to change the way that we handle permissions on streams and apps. Until now what we did was adding users to streams and we thought we are done but maintaining permissions on Apps require another step. Below are the steps that i can think of maintaining permissions to apps and streams

                                 

                                1) Disable stream default rule.

                                 

                                2) Give permissions to users on required streams. (This will create a rule in automatically in security rules)

                                 

                                3) Create another rule directly in security rules from template App Access rule.

                                 

                                4) App template access rule by default creates Resource App_*. If I leave this resource as is then I am seeing all apps in my work section but I cannot see any sheets. So I changed this Resource to my app id like this App_af5437e2-a6b1-4487-8a1d-9f8852391122. With this step I am able to app but cannot see sheets so updated Resource to App_af5437e2-a6b1-4487-8a1d-9f8852391122,App.Object_*

                                 

                                5) I did put conditions as ((user.name="username or resource.name="appname")).

                                 

                                6) With all above steps, I see stream that I am supposed to see and also app and also sheets.

                                 

                                With all the above keeping in mind I came to understanding that each app in the server will have a rule so that permissions are maintained. Not sure if this is the correct way of doing or not.

                                 

                                Please post some best practices of maintaining permissions to streams and individual apps permissions for users if you can. Hoping that infuture this QMC will be enhanced so that from Users section itself we can choose apps and streams

                                 

                                Thanks

                                  • Re: Stream Persmissions
                                    Rajiv Maskara

                                    Hi Vamsi,

                                     

                                    Would request you to mark this question as answered.

                                     

                                    I think the steps that you have mentioned is one of the correct ways of doing it. Ofcourse, there could be other ways/steps to achieve this.

                                     

                                    The critical thing to remember, though, is that:

                                    i)    By default, the Qlik Sense system is closed. So if you can create an app, there is a rule that allows you to do that.

                                    ii)    If there are two conflicting rules, the rule that allows the permission shall prevail.

                                     

                                    I do not have any best practices, but this maybe an area to work upon for me. I am sure that there will be continuous enhancements to the Qlik Sense product as a whole and the rules engine will definitely not be overlooked

                                     

                                    Regards,

                                    Rajiv Maskara