6 Replies Latest reply: Jan 29, 2018 8:51 AM by kk kk RSS

    Need help on Streams 'n' Apps Access

    Sasi K

      Hi All -  We are on v2.1.1 and need help on the security rule for the below scenario - Could you please help in this!

       

      Can you plz check if you got the procedure to allow FULL ACCESS to Stream and CONDITIONAL ACCESS to Apps in that Stream or let me know your thoughts on the same

       

      Scenario -

      Stream (holding App1, App2, App3& App4) has access to all 4 groups A,B,C,D

      App1 to be accessed by A

      App2 to be accessed by B

      App3 to be accessed by C

      App4 to be accessed by D

      Thanks!

        • Re: Need help on Streams 'n' Apps Access
          Vamsi Vandavasi

          Hope this helps. You need to create custom properties one belongs to streams and users. Another custom property belongs to App and users.

           

          Each stream will have custom property value. For example lets say you created a custom property called StreamGroup. You have a stream called Testing. Create a value of Testing or  something that you can identify that it belongs to Testing stream in StreamGroup Custom property. Once you created assign that value of custom property to Stream. Same thing goes with App also.

           

          Stream values and App values from custom property also applies to user profile. Once this is done you will create universal security rule

           

          Disable Stream security rule in order to have below things work

           

          Name of the Rule : UDR_Stream_StreamAccess_Group  (This will give access to Stream )

          Resource Filter : Stream_*

          Context: Hub

          Conditions : ((user.@StreamGroup=resource.@StreamGroup))

           

           

          Name of the Rule : UDR_Stream_App Default Rule  (This will give access to App to users and they can see all apps in  a stream)

          Resource Filter : App*

          Context: Hub

          Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

           

           

          Name of the Rule : UDR_Stream_App Custom Rule  (This will give access to specificApp to users. AppLevelMgmt  is custom property for apps. By default if you dont have any restriction in a stream then you dont assign any values to App. In a stream if you want maintain security for each app then you will assign values of that app and to users.)

          Resource Filter : App_*

          Context: Hub

          Conditions : resource.stream.HasPrivilege("read") and ((user.@AppLevelMgmt = resource.@AppLevelMgmt ))

           

           

          We learned it in a hardway to implement these.Security rules is different world to maintain. please test a lot before making available to users.

          • Re: Need help on Streams 'n' Apps Access
            Nitin Jadhav

            I am facing same problem as Shraddha, No sheets are visible from app.

              • Re: Need help on Streams 'n' Apps Access
                Shraddha Gajare

                Hi Nitin,

                 

                It worked for me.

                Can you explain the steps you followed?

                  • Re: Need help on Streams 'n' Apps Access
                    kk kk

                    Hi @Shraddha Gajare

                     

                    im having the same problem as Nitin.

                     

                    apps are showing but no sheets are visible.

                    so i followed the same exact thing above

                     

                    1-i created two custom properties

                    ** StreamGroup  for stream and users

                    value : Sale

                     

                    **AppLevelMgmt for apps and users

                    no value at first try to give the user full access to apps.


                    2-i have a stream called Sales:

                    assigned  costume property value StreamGroup =Sale



                    3- Security Rules applied


                    1st

                    Name of the Rule : UDR_Stream_StreamAccess_Group  (This will give access to Stream )

                    Resource Filter : Stream_*

                    Context: Hub

                    Conditions : ((user.@StreamGroup=resource.@StreamGroup))

                     

                    2nd

                    Name of the Rule : UDR_Stream_App Default Rule  (This will give access to App to users and they can see all apps in  a stream)

                    Resource Filter : App*

                    Context: Hub

                    Conditions : (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read"))

                     

                     

                     

                    4-User 1

                    assigned  costume property value StreamGroup =Sale



                    do we have to apply another security rule for sheet level ??