3 Replies Latest reply: Sep 7, 2016 2:45 PM by Levi Turner RSS

    Concrete answer on creating security rule at stream sheet level

    Oredas Bruno

      Hello Guru's,

       

      I would like to get concrete answer on this.

      Problem: i have 10 active streams with already established security rules for them. I created new stream and would like to restrict access to certain sheets. For example :

       

      StreamApp
      sheets
      test_user1
      test_user2
      test streamtest app101
      test streamtest app210

       

      So as you see i want both users to have access to the same stream and same app, but  restrict access at sheet level.

      I read this:

      https://community.qlik.com/thread/155799

      which didn't provide an answer. I read many other posts, in which states, that security at sheet level is not possible in Sense (as of yet).

       

      I understand i can create multiple apps and restrict access at app level, but before doing that i would like to see maybe there is a way to be able to do restrictions for 1 app.

      Hope it makes sense

       

      Waiting for your responses and thank you in advance

       

      Oredas

        • Re: Concrete answer on creating security rule at stream sheet level
          Levi Turner

          Yes, sheet level restrictions are possible.

           

          In order to accomplish this, you will have to disable the Stream security rule which allows inheritance from the Stream to the App and to the App Objects and either rebuild it (1) or manually handle app level access.

           

          (Both examples involve disabling the Stream rule and rebuilding it to fit the use case.

          (1) e.g. (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.app.@SheetLevelSecurity!="Yes") and resource.app.stream.HasPrivilege("read"))

          -- Which ties into a custom property SheetLevelSecurity which is applied to Apps and has the values Yes or No.

          or

          (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true" and (resource.objectType= "sheet") and (resource.name!="Finance Dashboard" and resource.name!="HR Dashboard") ) and resource.app.stream.HasPrivilege("read"))

          -- This refers to specific sheet names

           

          This is not an elegant route which does have non-trivial maintenance costs.