2 Replies Latest reply: Jun 13, 2018 6:46 AM by kaan erisen RSS

    Insufficient privileges for Stream Admin rule

    Artjoms Tukums

      Hi everybody,


      A goal - to have a stream where user group can publish, delete, duplicate apps. It will be something like a testing space for local developers.


      What was done..

      1. Security rule for Stream administrators

      Name: cust_StreamAdmin

      Resource filter: Stream_*,App*

      Actions: Create, Read, Update, Delete, Export, Publish, Change owner, Export data

      Conditions: ((user.roles="cust_StreamAdmin")) and ((resource.name="Testing stream"))

      Context: Both in hub and QMC


      2. Assign rule cust_StreamAdmin to user

      3. Security rule for visualizing QMC sections for StreamAdmins

      Name: cust_StreamAdmin_QmcSections

      Resource filter: QmcSection_Stream,QmcSection_App,QmcSection_App.Object,QmcSection_DataConnection,QmcSection_Task,QmcSection_Event,QmcSection_SchemaEvent,QmcSection_CompositeEvent,QmcSection_ReloadTask,QmcSection_UserSyncTask

      Actions: Create, Read, Update Delete

      Conditions: ((user.roles="cust_StreamAdmin"))

      Context: Both in hub and QMC

      So it is possible to publish app from Work stream to Testing stream but it is not possible to republish (update app), duplicate or delete.

      The delete button is disabled and for republish action I got an error "The operation failed due to insufficient privilege"


      What I'm doing wrong???


      Please help




        • Re: Insufficient privileges for Stream Admin rule
          poppy pearce



          There is a Default Security Rule called "OwnerPublishDuplicate". This Rule will enable all the app owners to publish the app, you can edit this rule and enable Delete option in this rule to enable App owners to Delete the App.


          But before editing the default Security Rules please take a backup of the rule, later you can replace if you want.




          • Re: Insufficient privileges for Stream Admin rule
            kaan erisen

            Hi Artjoms,


            Conditions: ((user.roles="cust_StreamAdmin")) and ((resource.name="Testing stream")) mean you can make specifed actions on resources which name is "Testing stream". But I assume none of your apps have that name , So that is not valid for the apps.


            You can try like this:


            Conditions: ((user.roles="cust_StreamAdmin")) and ((resource.type="Stream" and resource.name="Testing stream") or resource.type like "App*")