5 Replies Latest reply: Jul 5, 2016 6:52 AM by Jean-Pierre Bakhache RSS

    Sharing app with specific users in stream

    Jean-Pierre Bakhache

      Hello,

       

      Let's say a user is within a big department, they all have access to a stream.

      This user wants to create an app and share it to specific users from this department, so if the app is published to that stream, not all users should be able to see it.

       

      What are the possible options to achieve this in qliksense?

      Do we have to create another stream for those users only (As this might lead to creating many streams and this is not desired by the client)

      Is it through security rules? How?

      Appreciate having a detailed clarification, as I'm new to qliksense admin part.

       

      Thanks.

        • Re: Sharing app with specific users in stream
          Silambarasan P

          Hi,

           

          The users in the stream can have different access rights.

           

          Few users can have only read rights, few users may have both read and publish while others may have only publish access to the stream. However, security cannot be changed to a specific app level in the stream.

           

          More detailed explanations are available below

           

          https://help.qlik.com/en-US/sense/1.1/Subsystems/Hub/Content/Hub/Streams.htm

           

          https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_Streams.htm

           

          Thanks.

          • Re: Sharing app with specific users in stream
            Damian Waldron

            We did something similar to this by creating a custom property on each user. I.e. Organisation. We then had to modify the App* rule to include a clause that matches the resource owner's department with the current user's.

             

            i.e.

             

            resource.owner.@ORG = user.@ORG


            There is a default rule: "Stream" which defines if you have access to the apps or not. I would disable the standard rule and create a new one. 


            The following edit limits all streams so that you can only Read apps where your custom value Org is the same as the App owners custom value.


            ((resource.resourcetype = "App" and resource.stream.HasPrivilege("read"))

            or

            ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read")))

            and

            (resource.owner.@ORG = user.@ORG)

             

            This is fairly crude though as this will effect all streams. A refinement would be to edit which streams this resource.owner clause applies to. I think the following limits this to the Sales Stream. Some testing would be needed. I have not added this clause to the App.Objects as these belong to the App.

             

            (

            (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales")))

            or

            ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))

            )

              • Re: Sharing app with specific users in stream
                Jean-Pierre Bakhache

                Okayy, I see your point Damian.

                 

                Do you know if that's also applicable on the sheet level?

                 

                I mean within a published app, that user wants to create his own sheet and then share/publish it to part of the users who have access to that app (all users have access to the app, but only some will see that specific sheet).

                 

                Will that be doable through the security rules?

                Appreciate if you can explain how.

                 

                Thanks in advance.

                  • Re: Sharing app with specific users in stream
                    Damian Waldron

                    I am pretty sure that if you extend the security rule to the App.Object clause this should work. i have not tested this one though. This will apply to any objects that have been created on a published application. Well in theory anyway.Again the example below is only applying it to hte stream sales. This is probably not required as it is covered in teh App clause.

                     

                    (

                    (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales")))

                    or

                    ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read") and ((resource.owner.@ORG = user.@ORG and resource.stream.name = "Sales") or (resource.stream.name != "Sales"))

                    )

                    )