3 Replies Latest reply: Aug 12, 2016 1:18 PM by Mark Ritter RSS

    Custom Properties

    Mark Ritter

      I have a Custom Property in the QMC called AppLevelMgmt that is supposed to control a user being able to see specific apps within a stream.

      I have also implemented the Governed Self Service Security Rules provide by Qlik.

      For some reason the rules are not limiting visibility to my apps.  I have confirmed that I have the correct values set in the Custom Properties for the User and for the App.

      But once I give a user access to a Stream they can see all of the apps no matter what.

       

      Here are the 2 rules that I have in place.  I have not modified them from what I got from Qlik.

       

      This is the Stream Rule - Default Apps Rule:

      (

                  resource.resourcetype = "App"

                  and resource.stream.HasPrivilege("read")

                  and resource.@AppLevelMgmt.empty()

              )

              or

              (

                  (

                      resource.resourcetype = "App.Object"

                      and resource.published = "true"

                      and resource.objectType != "app_appscript"

                  )

                  and resource.app.stream.HasPrivilege("read")

              )

      This is the Stream Rule - Apps Exception Rule:

      resource.stream.HasPrivilege("read")

              and            

              user.@AppLevelMgmt=resource.@AppLevelMgmt

       

      Any guidance would be greatly appreciated.

        • Re: Custom Properties
          Vladimir Komarov

          Mark,

           

          As far as I know there is no app-based security rules supported.

          The access level is stream-based only...

           

          I would love to use the app-based approach myself, but as far as I know you can only use Section access for individual apps and they all will be visible in the stream..

           

          Regards,

          Vlad

          • Re: Custom Properties
            Ricardo Gerhard

            Dear Mark,

             

               By default, there is security rules to define all tabs/objects available on the application to a user that have access in a specific stream. It´s a default behavior like vlad.komarov mentioned.

               But, if you need to change this behavior, you really need to disable the default Qlik Security Rules.

               So, be carefull on this process, because a simple change can crash all enviroment. Always use a test environment on this case.

             

               Please, mark the CORRECT and HELPFUL comments.

             

            Regards.

              • Re: Custom Properties
                Mark Ritter

                As part of installing the Governed Self Service from Qlik the original rules were disabled and replaced with custom rules. 

                Everything seems to be working fine except for trying to hide apps from certain users.

                 

                But it sounds like this is not possible.