6 Replies Latest reply: May 31, 2017 8:58 AM by Jeffrey Goldberg RSS

    Allow TeamAdmin to publish and replace apps in QlikGroup-streams

    Vegar Lie Arntsen

      How should I go forward to allow the Team Admin to publish application to replace an existing app.

       

      When my TeamAdmin tries to do that she gets  "The operation failed due to insuffient privleges.

       

      My guess is that there is something wiht the: user.group=resource.@QlikGroup

      in the rule:_gss – TeamAdmin Read Rights

      That is causing the trouble.

       

      Any suggestions?

        • Re: Allow TeamAdmin to publish and replace apps in QlikGroup-streams
          Vegar Lie Arntsen

          I get the impression that it is the App.Objects that causes this issue. App objects do not have custom properties attached to them.

           

          What do you guys think about this rule?

          Resource filter: App.Object_*

          Actions: Update

          Condition:

          (

            user.group ="Qlik_Role_TeamAdmin") and

            (

              user.group=resource.app.stream.@QlikGroup and

              user.@QlikGroup=resource.app.@QlikGroup

            )

          )

           

          What I am trying to do is to allow updates to all App.Objects where the object lies in a app and stream with the correct QlikGroup custom property.

            • Re: Allow TeamAdmin to publish and replace apps in QlikGroup-streams
              Jeffrey Goldberg

              @vegar, Apps or app objects?  Making it possible to publish apps for a team admin is a function of clicking the publish action in a security rule. You are correct that app objects do not get to use custom props.  What kind of app objects are you trying to publish?  Sheets, Stories, dims and measures?  Have you looked at QMC Utilities? https://github.com/eapowertools/QlikSenseQMCUtility

                • Re: Allow TeamAdmin to publish and replace apps in QlikGroup-streams
                  Vegar Lie Arntsen

                  Thank you for the reply jog

                  No I have only briefly been able to look into the QMC Utilities, but I don't think the QMC utilities will affect this issue.

                   

                  My team admin have no problems publishing new apps to a stream, the problem occur when trying to re-publish an app into a stream.

                   

                  Example:

                  1. The developer creates a new app called MyHR
                  2. The TeamAdmin publish the app to the HR stream. No problem
                  3. The TeamAdmin publish the app to replace the recently published MyHR app in the HR stream. The operation failed due to insuffient privleges.


                  My guess/impression is that you need to update App.Objects in order to republish an app.


                  The TeamAdmin Read Rights rule found in the iPortal-project is defined as below.

                  _gss – TeamAdmin Read Rights

                  • Actions: Create, Read, Update, Delete, Export, Publish
                  • Resource filter: Stream*, App*, ReloadTask*, SchemaEvent*, Tag*, CompositeEvent*, ExecutionResult*, CustomProperty*
                  • Conditions:  user.group="QlikTeamAdmin" and user.group=resource.@QlikGroup
                  • Context: Only in QMC
                  • Tags: Custom Rule


                  It do include both the Update-action and the App* resource filter, but the condition, user.group=resource.@QlikGroup, wont be valid for any App.Object because App.Objects do not have any QlikGroup custom property associated values. Thats why it is impossible to Re-publish an application as a team admin.


                  To solve this I believe we need to add a special rule for TeamAdmin handling App.Objects. The security rule I wrote in my previous comment i an attempt to write a complementary rule that should work together with both the TeamAdmin Read Righs, TeamAdmin QMC Sections and TeamAdmin Create Rights activated.


                  Is the TeamAdmin in your GSS setup allowed to republish apps? If so, do you use a different security rule setup than the iPortal- setup?


                  Cheers

                  Vegar