Hell Nitin - let me see if jog can be of some assistance?
When applicable please mark the appropriate replies as CORRECT. This will help community members and Qlik Employees know which discussions have already been addressed and have a possible known solution. Please mark threads as HELPFUL if the provided solution is helpful to the problem, but does not necessarily solve the indicated problem. You can mark multiple threads as HELPFUL if you feel additional info is useful to others.
i agree with Mark that seeing the rules you have added would be helpful. in absence of that a couple of things...
1. did you disable any rules that control app.object resources or have a resource set as app*?
2. App* in a resource will make the rule run against apps AND app objects.
3. for only apps, set resource to app_*
its been a while since i watched the video, but i figure what you are trying to implement is app level management and what has happened is the user has access to app but no sheets.
you may want to look at the Qlik Sense Governed Self Service space on community and have a look at iportal and the governed self service configuration rules which include app level management. Shortcut to gss rules here iPortal/gss_setup_guide.md at master · eapowertools/iPortal · GitHub.
like mtarallo stated, please mark help AND/OR answered if this response does the trick.
Following are the details.
1. Custom Properties :
1.1 AppLevelMgmt : Resource types:Apps, Users, Custom Property Values : Executive
1.2 Group : Resource types: Streams, Users, Custom Property Values : Executive, Finance, Operations
2. Streams :
2.1 Stream Name : Executive, Group:Executive
3.1 App Name : Enquiries : Restricted App : Custom Property Assigned : Executive, Published to : Executive Stream
3.2 App Name : Overtime : Unrestricted App : No Custom Property Assigned, Published to : Executive Stream
4.1. User1 : Custom Property Assigned : AppLevelMgmt:Executive, Group:Executive
4.2. User2: Custom Property Assigned : Not Assigned AppLevelMgmt, Group:Executive,Operations
4.3. User3: Custom Property Assigned : Not Assigned AppLevelMgmt, Group:Executive,Finance
5. Security Rules
5.1 Disabled Default rule for Streams(App) access as per video.
5.2 Create Custom rule for Stream Display: Resource type: Stream, Action :Read,Publish Rule :((user.@Group=resource.@Group)), Context: Both hub and QMC
5.3. Create Custom rule for XYZ Company App Access Default Rule - Resource Filter : App*, Action: Read, Rule: (resource.resourcetype = "App" and resource.stream.HasPrivilege("read") and resource.@AppLevelMgmt.empty()) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")), Context: Both hub and QMC
5.4 Create Custom rule for XYZ Company App Access Exception Rule - Resource Filter : App*, Action: Read, Rule: resource.stream.HasPrivilege("read") and ((user.@AppLevelMgmt = resource.@AppLevelMgmt )), Context: Both hub and QMC
After applying above rules, Users are able to see their respective Apps, but when they open the open, they can't see Sheets inside the App.
Now I am going to follow Jeff's suggestion regarding iportal/gss rules and post once completed.