4 Replies Latest reply: Feb 1, 2017 8:06 AM by rohit kumar RSS

    Sheet Level Access with Custom Property

    rohit kumar

      Hi Developers:


      I am trying to implement Sheet level security with custom properties:


      I am mentioning the process I followed below step wise:


      1. Disabled By default Stream access rule

      2. Created a Custom Property @Stream_Access with resources type Stream and User and used as below :

      ((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))


      3. Created a Custom Property with resource type user and app and used as :

      ((user.@AppAccess="AppAccess" and resource.@AppAccess="AppAccess"))


      4. Created another Custom Property @AccesstoSheet with resource type User with value "First" and assigned to my concern User:


      5. Created a new security rule by following your solution:


      (resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) or ((resource.resourcetype = "App.Object" and resource.published ="true") and resource.app.stream.HasPrivilege("read")  and


      (user.@AccesstoSheet="First" and resource.objectType="sheet" and resource.name="JzJMza")



      Custom Property: @AccesstoSheet with value First and same assigned to concern user

      JzJMza: it is the sheet id I got from developer hub ,single configuration and copied by URL


      Now when I login with my concern user and I have access to Stream then Application but there are no sheet is available there as Concern User don't have any sheet access.

      Can you please help me to know what I am doing wrong and missing

        • Re: Sheet Level Access with Custom Property
          Christophe Decluseau

          Hi !


          The resource.name is the real name of your sheet (ex. : "My dashboard").

          If you want to work with the ID of the sheet, you should use resource.id.

          You will find this ID in QMC / App Objects and add the ID column.


          One more things :

          You can simplify this ((user.@Stream_Access="Assistant" and resource.@Stream_Access="Assistant"))

          with this ((user.@Stream_Access=resource.@Stream_Access))

          => User and Stream with the same @Stream_Access values will have access.

          No need to create multiple values for "Assistant", then "xxx" and so on...

            • Re: Sheet Level Access with Custom Property
              rohit kumar

              Hi Christophe ,


              You answered exactly what I was looking , Really appreciated.

              I have tried to implement your solution and checked to App Objects and found every sheet has an resource id and we can use it instead of Name , Quiet enough , Now what is happening now I have written a code as below:

              (user.name="Jarvis" and resource.objectType="sheet" and resource.name="Budget Analysis")


              Then I have achieved what I want, I logged in with JARVIS and I found only Budget Analysis sheet is visible to Jarvis ,Now problem is when I open this Budget Analysis sheet I found there is no visibility of charts ,Its Blank or invalid visuals

              When I try to write code as:

              resource.id="TqwwFf"or resource.name="Sales vs Budget"

              Sales vs Budget is one of the charts which are available on Budget Analysis sheet and TqwwFf is the Object ID the same chart  which I got from developer hub then single configurator .


              but still no chart is visible


              I wondered why Chart names are coming under app.object i.e Sales vs Budget in resource name even if they are not app objects because when I look at the app Object folder there only sheet names are available, Please explain this

              Please provide me solution how can I see the visuals or charts when I restrict one sheet to one user and explain me what I am doing wrong if it is

                • Re: Sheet Level Access with Custom Property
                  Christophe Decluseau

                  I know this issue too. It's when you disabling Stream security rules. If you look at this it, this rules says to give access to AppObject except loadmodel and app_appscript.

                  It seems to also disable some visual abality. I don't really understand.


                  It's better to create a new rule, based on the Stream rule. In this new rule you will add :

                  and resource.objectType != "sheet".


                  So every others object type will be allow except loadmodel, app_appscript and sheet.

                  The sheet visibility are managed by the new rule we spoke before.

                    • Re: Sheet Level Access with Custom Property
                      rohit kumar

                      HI Christophe,


                      I found one another very easy way , Almost the same you told me initially, We just need to modify the same security rule which we have written for restrict concern user JARVIS to one single sheet with OR condition as :


                      (user.name="Jarvis" or resource.objectType="masterobject" or resource.name="*")


                      It will give visual access to the concern sheet and it is working fine.


                      Please clarify below terms :


                      loadmodel  is the same which is data model schema ?


                      app_appscript. : ETL script we writes in scripting engine ?

                      what you mentioned this time same I found initially when I started working on it, I was confused why do I want to add resource.objectType != "sheet"  in  Stream access rule , I thought this should be in APP. Object  template, Please clarify with this in detail , how can I restrict any app object in stream access rule ?