22 Replies Latest reply: Oct 13, 2017 9:32 AM by Aehman K RSS

    User permissions

    Suman Dusa

      Hi Community,

       

      I have given a login access rule for some list of users.

       

      each user is able to create their own application by creating their own data connections. How to restrict users to not to create applications and to only read the applications?

       

      Please help me on this.

       

      regards

      suman

        • Re: User permissions
          Mark Ritter

          You would need to modify or create security rules assuming you have Enterprise.

          • Re: User permissions
            Aehman K

            Check read only on the stream from QMC.

            Can you paste screenshot of the security rule assigned to this particular stream?

              • Re: User permissions
                Suman Dusa

                i have observed that, the users have assigned with access passes and not having any security rule also could able to create applications by creating their own data connections. How come this happens? I dont think any global security rule defined in such a way that every user can create applications.

                  • Re: User permissions
                    Aehman K

                    I agree, by default Qlik Sense doesn't allow users to create their own Data Connections.

                    For Login Pass/Tokens you'll have security rules defined once you add them to stream. Check your QMC>Security Rules> Stream Name you've assigned

                    Check the rights they have, they should only have read rights.

                    Also check Create Data Connection security rule in same window....

                    It would be helpful if you take a screen shot of your Security rule window and paste it here.

                      • Re: User permissions
                        Mark Ritter

                        I could be wrong.  But I thought that out of the box users can create data connections but not ones that use folders.

                         

                        If they create one it will be assigned their name as owner and they will be the only ones that can see it.

                          • Re: User permissions
                            Aehman K

                            I'm a novice in QS Admin rules but..

                            As far as I know the users assigned login pass or tokens have same rules. Unless someone has disabled the Data Connection rule and made their own. Which would also require to disable the default Stream rule from QS.

                             

                            By default a user may get access to create sheets when 'write' checkbox is on but I'm sure they would not be able to open a script editor/create new objects.

                            That is a best way to check which user has DC under their name as you mentioned...

                            Maybe Suman should open the Data Connection option while in QMC to check the owner... except Admin(s), no one should be able to.

                            It would be helpful if he paste screenshots of his Default Stream, Data Connection and Created Stream rule here.

                          • Re: User permissions
                            Suman Dusa

                            SecurityRule.png

                      • Re: User permissions
                        Andrea Gigliotti

                        in any case regarding security rules i kindly suggest you to use "Audit" on QMC.

                        In this way you can check everything and understand why what you saying is happening.