Solved: Security rules to manage sheets visibility - Qlik Community

michele_stenico · ‎2016-01-02

Hi,

I am trying to understand how working with securities rules. That is not easy nor intuitive. However my aim is using sheet level security to manage the visibility of sheets.

Es.

UserTest1 has to access to Wsheet1 and Wsheet2

UserTest2 ha to access to Tsheet1 and Tsheet2

I have read others post, I have followed the detailed suggestions of https://community.qlik.com/thread/155799 -Sheet level Section Access in Qlik Sense ?? but, the second rules doesn't look working.

I have also followed another way:

1) I have modified the stream template rule as following:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(resource.objectType ="sheet" and resource.name like "W*" and user.name="usertest1") or

(resource.objectType ="sheet" and resource.name like "T*" and user.name="usertest2")

))

I don't like the upper solution because the maintenance looks very hard and I am not able to predict the implication over others app. I also would like give access privileges to groups and not to single user.

I have created two streams. In the first stream I insert a role that give access to Users that have to access to sheet1. In the second stream 2 I insert a role that give access to Users that have to access to sheet2.

I tried to modify the upper role in the follow way:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(resource.objectType ="sheet" and resource.name like "S*"

Resource.Objecttype ="stream" and Resource.name='Stream1')) or

(resource.objectType ="sheet" and resource.name like "T*" and

Resource.Objecttype ="stream" and Resource.name='Stream2')

)

It doesn't work and the users aren't to able to access neither sheets

Thabnk a lot for every help

reddy-s · ‎2016-01-07

Hi Michele,

Managing the access of the user through Custom properties is handy as well.

Create custom properties, Assign a value to each user and make use of it in the security rule.

Regards,

Sangram Reddy.

View solution in original post

reddy-s · ‎2016-01-03

Hi Michele,

This thread should help you restrict access by sheet level.

Sheet level Section Access in Qlik Sense ??

michele_stenico · ‎2016-01-06

Hi SanGram,

sorry for answering on late, I have been away on Holiday.

However I tried to follow the post that you have marked, but It doesn't work:

1) the first script avoids to all users to access to the sheets. It is OK

2) the second script doesn't override the first one and all users are not still able to access the sheets.

The other question it is the way that I can use to give the access privileges to groups or stream instead to give the access to the single user.

Thank a lot

reddy-s · ‎2016-01-07

Hi Michele,

Managing the access of the user through Custom properties is handy as well.

Create custom properties, Assign a value to each user and make use of it in the security rule.

Regards,

Sangram Reddy.

michele_stenico · ‎2016-01-07

Thank a lot,

I have created a Custom Properties named @BSCGroup and I have associated it to the User Resource Type. Thus I inserted two occurences T and S.

Then I have modified the security rule as follow:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(resource.objectType ="sheet" and resource.name like "S*" and user.@BSCGroup="S") or

(resource.objectType ="sheet" and resource.name like "T*" and user.@BSCGroup="T")

It correctly works

reddy-s · ‎2016-01-07

Perfect! Glad that solved your issue 🙂 I use custom properties and are very handy.

rohitk1609 · ‎2017-01-30

Hi Michele,

I was reading your comments and stuck in same problem which you had:

I am mentioning the process I followed below step wise:

1. Disabled By default Stream access rule

2. Created a Custom Property @Stream_Access with resources type Stream and User and used as below :

((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

3. Created a Custom Property with resource type user and app and used as :

((user.@AppAccess="AppAccess" and resource.@AppAccess="AppAccess"))

4. Created another Custom Property with resource type User with value "First"

and created a new security rule by following your one as:

(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read") and

(

(user.@AccesstoSheet="First" and resource.objectType="sheet" and resource.name="JzJMza")

))

Custom Property: @AccesstoSheet with value First and same assigned to concern user

JzJMza: it is the sheet id i got from developer hub , single configuration and copied by URL

Now when I login with my concern user there are no sheet is available there as Concern User donot have any sheet acess.

Can you please help me to know what I am doing wrong and missing