-
Re: Security Rule to allow users to reload published apps
Bala Bhaskar Jul 5, 2017 2:49 PM (in response to Lucien Thompson)Action : Create, Read, Update, Publish
After the app is published, set up a reload Task in the QMC to reload the app on schedule.
-
Re: Security Rule to allow users to reload published apps
Lucien Thompson Jul 5, 2017 3:00 PM (in response to Bala Bhaskar)We know how to schedule reloads.
I specifically asked how to grant users the ability to reload the app on demand, not on a schedule.
-
Re: Security Rule to allow users to reload published apps
Marcos Gomez Jul 18, 2017 8:53 AM (in response to Lucien Thompson)I was testing the new version of ReloadButton extension too with same problem than you.
I could solve it by making a little change in Security Rule proposed at documentation:
Resource filter:
App_*,App.Object_*
Conditions
(((resource.resourcetype="App" and resource.stream.name="Everyone") or (resource.resourcetype="App.Object" and resource.app.stream.name="Everyone" and resource.objectType = "app_appscript")))
Context
Both in hub and QMC
Actions
Read,Update
See the text remarks at Resource filter, Conditions and Actions.
-
Re: Security Rule to allow users to reload published apps
Alex Levenstein Jul 19, 2017 6:02 PM (in response to Marcos Gomez )Edit: The issue was that the load script tried to access content that the user didn't have access to. When that was removed, it ran perfectly.
I am unable to let non-owner users reload using this method. My Security Rule parameters are:
Resource filter:
App_*,App.Object_*
Conditions:
((resource.resourcetype="App" and resource.stream.name="Test") or (resource.resourcetype="App.Object" and resource.app.stream.name="Test" and resource.objectType="app_appscript"))
Context:
Both in hub and QMC
Actions:
Read, Update
-
-
-
-
Re: Security Rule to allow users to reload published apps
Lucien Thompson Aug 1, 2017 2:43 PM (in response to Lucien Thompson)Thanks for the feedback!
Using the rules shown I can get the button to work, but limited to apps within the stream named in the rule.
I need to allow any user to reload any app in any stream they can 'read'.
The following rule doesn't work:
Resource filter:
App*
Conditions:
(resource.stream.HasPrivilege("read"))
Context:
Both in hub and QMC
Actions:
Read, Update
Wouldn't this rule apply to all objects within a stream the user can read?
Thanks!
-
Re: Security Rule to allow users to reload published apps
Marcos Gomez Aug 2, 2017 3:04 AM (in response to Lucien Thompson)I think the change you need in the rule is something like this:
Resource filter:
App_*,App.Object_*
Conditions
(((resource.resourcetype="App" and resource.stream.HasPrivilege("read")) or
(resource.resourcetype="App.Object" and resource.app.stream.HasPrivilege("read") and resource.objectType = "app_appscript")))
Context
Both in hub and QMC
Actions
Read,Update
-
Re: Security Rule to allow users to reload published apps
Lucien Thompson Aug 2, 2017 10:21 AM (in response to Marcos Gomez )Thank you! That works perfect.
I went back through my notes and I had tried that combination but had mistakenly added "=" after the second HasPrivilege. I wish I would have caught that a week ago. Oh well, it works now.
Is there a functional difference using "App*" vs "App_*,App.Object_*"?
-
Re: Security Rule to allow users to reload published apps
Marcos Gomez Aug 3, 2017 4:14 AM (in response to Lucien Thompson)"App*" is wider than the other options.
"App*" is for all resources types beginning with "App".
"App_*" is for all resources of the type "App"
"App.Object_*" is for all resources of the type "App.Object"
In this case, you can use at resource filter section the option "App*" or even only "App_*". "App.Object_*" is not necessary in this case and so, the users could not modify the script.
-
-
Re: Security Rule to allow users to reload published apps
Satoshi Nakamura Aug 6, 2017 9:11 PM (in response to Marcos Gomez )Hi, Marcos.
Thank you for the solution.
Just to make sure, is it for not Sense Desktop but Sense Desktop?
I mean the Reload extension doesn't work on Desktop June2017.
Thank you,
Satoshi
-
Re: Security Rule to allow users to reload published apps
KANCHANA DORAISWAMY Sep 8, 2017 2:59 AM (in response to Marcos Gomez )Hi Marcos,
What is the solution to make this work on QSense Desktop Version June 2017? Can you please guide us with the steps?
Thanks!
Kanchana
-
Re: Security Rule to allow users to reload published apps
Marcos Gomez Sep 11, 2017 3:18 AM (in response to KANCHANA DORAISWAMY)Sorry nakamurasatc and kanchanads for the delay to answer you.
This solution doesn't work on desktop versión, because there aren't Security Rules in this.
I didn't test the extension on this versión of Sense Desktop, so i don't know if there is any problem with it
On Sense Desktop, users have full access to all parts of App, so the problem has to be another.
-
-
Re: Security Rule to allow users to reload published apps
Pekka Kaikkonen Oct 12, 2017 8:01 AM (in response to Marcos Gomez )Hi
This works perfectly for me but other users get "reload failed" error. Have you an idea which could cause this? Other users got 'Access denied' error before the change in the security rule that you suggested above. So it seems that the other users have rights to do the reload but something happens.
Other users doesn't have admin rights. Qlik Sense version is 3.2 SR4.
-
Re: Security Rule to allow users to reload published apps
Sergio Otero Feb 21, 2018 12:30 PM (in response to Marcos Gomez )Thanks for your answer. It has helped us a lot.
Note: Edited by Community Moderator to include English translation as a courtesy.
- - -
Gracias por tu respuesta. Nos ha ayudado mucho.
-
-
-
Re: Security Rule to allow users to reload published apps
Lucien Thompson Oct 30, 2017 10:23 AM (in response to Lucien Thompson)Hello all,
I wanted to share my current rule. In hindsight it seems simple, but it took me a while to understand Qlik Sense rules enough to get this working.
Resource filter : App*
Actions : Read, Update
Conditions : ((resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) and (resource.@AppLevelMgmt.empty() or resource.@AppLevelMgmt=user.Group)) or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
Context : Only in hub
This rule is based on governed self service (GSS).
We replaced the default stream rule with this and use custom attributes to restrict specific apps to certain (AD) groups.
Checking "update" and removing "resource.objectType != "app_appscript"" from the GSS rule allows users to reload apps.