I get the impression that it is the App.Objects that causes this issue. App objects do not have custom properties attached to them.
What do you guys think about this rule?
Resource filter: App.Object_*
user.group ="Qlik_Role_TeamAdmin") and
What I am trying to do is to allow updates to all App.Objects where the object lies in a app and stream with the correct QlikGroup custom property.
@vegar, Apps or app objects? Making it possible to publish apps for a team admin is a function of clicking the publish action in a security rule. You are correct that app objects do not get to use custom props. What kind of app objects are you trying to publish? Sheets, Stories, dims and measures? Have you looked at QMC Utilities? https://github.com/eapowertools/QlikSenseQMCUtility
Thank you for the reply jog
No I have only briefly been able to look into the QMC Utilities, but I don't think the QMC utilities will affect this issue.
My team admin have no problems publishing new apps to a stream, the problem occur when trying to re-publish an app into a stream.
- The developer creates a new app called MyHR
- The TeamAdmin publish the app to the HR stream. No problem
- The TeamAdmin publish the app to replace the recently published MyHR app in the HR stream. The operation failed due to insuffient privleges.
My guess/impression is that you need to update App.Objects in order to republish an app.
The TeamAdmin Read Rights rule found in the iPortal-project is defined as below.
_gss – TeamAdmin Read Rights
- Actions: Create, Read, Update, Delete, Export, Publish
- Resource filter: Stream*, App*, ReloadTask*, SchemaEvent*, Tag*, CompositeEvent*, ExecutionResult*, CustomProperty*
user.group="QlikTeamAdmin" and user.group=resource.@QlikGroup
- Context: Only in QMC
- Tags: Custom Rule
It do include both the Update-action and the App* resource filter, but the condition, user.group=resource.@QlikGroup, wont be valid for any App.Object because App.Objects do not have any QlikGroup custom property associated values. Thats why it is impossible to Re-publish an application as a team admin.
To solve this I believe we need to add a special rule for TeamAdmin handling App.Objects. The security rule I wrote in my previous comment i an attempt to write a complementary rule that should work together with both the TeamAdmin Read Righs, TeamAdmin QMC Sections and TeamAdmin Create Rights activated.
Is the TeamAdmin in your GSS setup allowed to republish apps? If so, do you use a different security rule setup than the iPortal- setup?