Thanks for your reply.
In some of the security rules is mentioned the "App_Appscript" and the "Loadmodel".
This rule is actually given specific users the access to read the specified app-objects. But the Loadmodel and the appscript are explicitly negated. Anyway, removing this part doesnt give the access on the loadmodel.
(resource.objectType = "userstate" or resource.objectType = "sheet" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark")
and user.group like "*dev" and (resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" and resource.objectType != "loadmodel")
Any other ideas?
I found a solution in an other thread:
That means, you only have to change the content admin security rule to work in "hub and qmc".
Works fine for me, tested in QS 3.1.1.
It still has some sideeffects, as for now i can see ALL apps in "my work", but i guess all of this is managable with some more accurate securtiy rules.
to let Users see the Datamodel in published apps, you have to create a user role f.e. "DataModelReader" by creating the following security role:
Recource filter: App_*
Actions: read, update (!!!)
Context: Both in Hub and QMC (!!!)
Now you have a new user role called "DataModelReader" which you can grant to your users.
Users having that role can see the the link to the data model and to the script. They can open the data model viewer and will see the data model but can not safe any changes.
They can also open the script editor, but they will not see any code -except the standard variable definitions- and they can not safe any changes in the script.
For we already talked to each other and tried that solution, I know this helps
i think you meant :
Are you sure a user can not change anything? I could change the design, for example by adding an object.
I could not change the load script, but i saw it.
Better would be if we can define a rule just for the datamodel only with the action read.
This solution is to risky as other user can change the app object.
I am using the newest Qlik Sense Version 3.1 SR4
Your method of providing data model and script access of published app works like a charm however it has a small problem that when I assigned the role to myself I could see all the unpublished app in My Work including those of different owners. It would be nice if I could see only those app in My Work that are owned by me.