3 Replies Latest reply: Jan 26, 2017 1:48 PM by Karthikeyan Subramaniam RSS

    Rule with wildcard AND resource property value

    Benjamin Asher

      I have a rule which allows access to apps if the user property UserAccessCode equals the app custom property AppAccessCode:


           resource.stream.HasPrivilege("read") and ((user.UserAccessCode = resource.@AppAccessCode))


      This works fine if the UserAccessCode is ABC and the AppAccessCode is ABC.


      What i now want to do is introduce a wildcard so that a single UserAccessCode can access multiple AppAccessCodes. For example:


           UserAccessCode is ABC


           AppAccessCodes are ABC123 and ABC456.


      I can do this with a hardcoded wild card, like this:


           resource.stream.HasPrivilege("read") and ((user.UserAccessCode like "ABC*"))


      However, i don't know how to do it so that the ABC portion is a property value. Something like this doesn't work:


           resource.stream.HasPrivilege("read") and ((user.UserAccessCode like resource.@AppAccessCode&"*" ))


      Does anyone know if this is possible?

        • Re: Rule with wildcard AND resource property value
          Johannes Sunden

          Hi Benjamin,

           

          Interesting question. I don't think there's a great way of setting up a dynamic wild card match like you want.

          Tried it out on my end as well and can't seem to get it going with different syntax checks.

           

          What I would suggest instead is to restructure the custom properties a little instead.

          Maybe use one custom property, AccessCode, and assign it to both apps and users and then just match ABC to ABC.

          This should give you a baseline app grouping and matching to users. Combined with Streams you already have pretty good segmentation options.

          Assign a second custom property allows for another level of segmentation, down to individual apps for example. Maybe call this property AppAccessCode with values ABC123 and ABC456. Tag this custom property to both users and apps as well and have a second security rule that matches app access for when users and apps have matching values for this custom property.

           

          Your AccessCode Custom Property will provide app access on a more "aggregated" level while the AppAccessCode will provide app access on a more "granular" level.

          Hope this makes sense.

           

          Best regards,

          Johannes

            • Re: Rule with wildcard AND resource property value
              Benjamin Asher

              Hi Johannes,

               

              Thanks for looking at this for me.

               

              I was trying to avoid the creation of additional codes on the user, as that is being administered elsewhere and if I could use the single codes we already have then it would make things much simpler.

               

              What i am actually trying to do is have an app with ABC access which has several content libraries accessible from it, hence ABC123 and ABC456. We could then have another app with DEF and corresponding DEF123 and DEF456 content libraries.

               

              It looks like I might have to look at a way of automatically splitting out the ABC into a new additional user property before it passes to Qlik. Then everything else should fall into place.

               

              Thanks again for the help.

               

              All the best,

               

              Ben

            • Re: Rule with wildcard AND resource property value
              Karthikeyan Subramaniam

              This is something straightaway not possible with wildcard match with in rules.