6 Replies Latest reply: Jan 30, 2017 2:39 AM by Rohit Kumar RSS

    Security rules to manage sheets visibility

    Michele Stenico

      Hi,

      I am trying to understand how working with securities rules. That is not easy nor intuitive. However my aim is  using sheet level security to manage the visibility of sheets.

      Es.

      UserTest1  has to access to Wsheet1 and Wsheet2

      UserTest2 ha to access to Tsheet1 and Tsheet2

       

      I have read others post, I have followed the detailed suggestions of  https://community.qlik.com/thread/155799 -Sheet level Section Access in Qlik Sense ??  but, the second rules doesn't look working.

       

      I have also followed another way:

      1) I have modified the stream template rule as following:

      (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and

      (

      (resource.objectType ="sheet" and resource.name like "W*" and user.name="usertest1") or

      (resource.objectType ="sheet" and resource.name like "T*" and user.name="usertest2")

      ))

       

      I don't like the upper solution because the maintenance looks very hard and I am not able to predict the implication over others app.  I also would like give access privileges to groups and not to single user.

      I have created two streams. In the first stream I insert a role that give access to Users that have to access to sheet1. In the second stream 2 I insert a role that give access to Users that have to access to sheet2. 

      I tried to modify the upper role in the follow way:

      (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and

      (

      (resource.objectType ="sheet" and resource.name like "S*"

      1. Resource.Objecttype ="stream" and Resource.name='Stream1')) or

      (resource.objectType ="sheet" and resource.name like "T*" and

      1. Resource.Objecttype ="stream" and Resource.name='Stream2')

      )

      )

      It doesn't work and  the users aren't to able to access neither sheets

       

      Thabnk a lot for every help

        • Re: Security rules to manage sheets visibility
          Sangram Reddy

          Hi Michele,

           

          This thread should help you restrict access by sheet level.

           

          Sheet level Section Access in Qlik Sense ??

            • Re: Security rules to manage sheets visibility
              Michele Stenico

              Hi SanGram,

              sorry for  answering on late, I have been away on Holiday.

              However I tried to follow the post that you have marked, but It doesn't work:

              1) the first script avoids to all users to access to the sheets. It is OK

              2) the second script doesn't override the first one and all users are not still able to access the sheets.

               

              The other question it is the way that I can use to give the access privileges to groups or stream instead to give the access to the single user.

               

              Thank a lot

                • Re: Security rules to manage sheets visibility
                  Sangram Reddy

                  Hi Michele,

                   

                  Managing the access of the user through Custom properties is handy as well.

                   

                  Create custom properties, Assign a value to each user and make use of it in the security rule.

                   

                  Regards,

                  Sangram Reddy.

                    • Re: Security rules to manage sheets visibility
                      Michele Stenico

                      Thank a lot,

                      I have created a Custom Properties named @BSCGroup and I have associated it to the User Resource Type. Thus I inserted two occurences T and S.

                      Then I have modified the security rule as follow:

                      (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and

                      (

                      (resource.objectType ="sheet" and resource.name like "S*" and user.@BSCGroup="S") or

                      (resource.objectType ="sheet" and resource.name like "T*" and user.@BSCGroup="T")

                       

                      It correctly works

                       

                        • Re: Security rules to manage sheets visibility
                          Sangram Reddy

                          Perfect! Glad that solved your issue :-) I use custom properties and are very handy.

                          • Re: Security rules to manage sheets visibility
                            Rohit Kumar

                            Hi Michele,

                             

                            I was reading your comments and stuck in same problem which you had:

                            I am mentioning the process I followed below step wise:

                             

                            1. Disabled By default Stream access rule

                            2. Created a Custom Property @Stream_Access with resources type Stream and User and used as below :

                            ((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

                             

                            3. Created a Custom Property with resource type user and app and used as :

                            ((user.@AppAccess="AppAccess" and resource.@AppAccess="AppAccess"))

                             

                            4. Created another Custom Property with resource type User with value "First"

                            and created a new security rule by following your one as:

                             

                            (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and

                            (

                            (user.@AccesstoSheet="First" and resource.objectType="sheet" and resource.name="JzJMza")

                            ))

                             

                            Custom Property: @AccesstoSheet with value First and same assigned to concern user

                            JzJMza: it is the sheet id i got from developer hub , single configuration and copied by URL


                            Now when I login with my concern user there are no sheet is available there as Concern User donot have any sheet acess.


                            Can you please help me to know what I am doing wrong and missing