3 Replies Latest reply: Aug 11, 2016 6:57 AM by Rohit Kumar RSS

    App based security rule in qlik sense

    Prasanta Kumar

      Hi,

       

      i have two apps and some AD goups into which users have been added. same user are part of multiple AD groups.

       

      I have a scenario, where i want to give one AD group to create sheet, bookmark, publish sheets and all facilites under one app.

      where as for the second app, i want to give this AD group without sheet creation permission.

      which means they can create all other app ojects like bookmark , story and all.

       

      I tried to use the below security rule, but it did not work.

      please advise in which part i am doing wrong.

       

      i have disabled the stantad create app object security rule in qmc.

      also is it possible to restrict users to create a sheet but not capable of publishing that.

       

       

      App1

      ================

       

      Resource filter - App_05f36db7-22e7-4da2-9900-abcf8316a94c,App.Object_*

       

      Condition -

       

      !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType != "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !(user.group="TEAM1")

       

       

      App2

      ===============

       

      Resource filter -  App_22e7-4da2-9900-abcf8316a95c,App.Object_*

       

      Condition

      !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or resource.objectType != "sheet" or resource.objectType = "story" or resource.objectType != "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !(user.group="TEAM1")