22 Replies Latest reply: Oct 13, 2017 9:32 AM by S Khan RSS

    User permissions

    Suman Dusa

      Hi Community,

       

      I have given a login access rule for some list of users.

       

      each user is able to create their own application by creating their own data connections. How to restrict users to not to create applications and to only read the applications?

       

      Please help me on this.

       

      regards

      suman

        • Re: User permissions
          Mark Ritter

          You would need to modify or create security rules assuming you have Enterprise.

          • Re: User permissions
            S Khan

            Check read only on the stream from QMC.

            Can you paste screenshot of the security rule assigned to this particular stream?

              • Re: User permissions
                Suman Dusa

                i have observed that, the users have assigned with access passes and not having any security rule also could able to create applications by creating their own data connections. How come this happens? I dont think any global security rule defined in such a way that every user can create applications.

                  • Re: User permissions
                    S Khan

                    I agree, by default Qlik Sense doesn't allow users to create their own Data Connections.

                    For Login Pass/Tokens you'll have security rules defined once you add them to stream. Check your QMC>Security Rules> Stream Name you've assigned

                    Check the rights they have, they should only have read rights.

                    Also check Create Data Connection security rule in same window....

                    It would be helpful if you take a screen shot of your Security rule window and paste it here.

                      • Re: User permissions
                        Mark Ritter

                        I could be wrong.  But I thought that out of the box users can create data connections but not ones that use folders.

                         

                        If they create one it will be assigned their name as owner and they will be the only ones that can see it.

                          • Re: User permissions
                            S Khan

                            I'm a novice in QS Admin rules but..

                            As far as I know the users assigned login pass or tokens have same rules. Unless someone has disabled the Data Connection rule and made their own. Which would also require to disable the default Stream rule from QS.

                             

                            By default a user may get access to create sheets when 'write' checkbox is on but I'm sure they would not be able to open a script editor/create new objects.

                            That is a best way to check which user has DC under their name as you mentioned...

                            Maybe Suman should open the Data Connection option while in QMC to check the owner... except Admin(s), no one should be able to.

                            It would be helpful if he paste screenshots of his Default Stream, Data Connection and Created Stream rule here.

                          • Re: User permissions
                            Suman Dusa

                            SecurityRule.png

                              • Re: User permissions
                                S Khan

                                Ok, so default stream is disabled in your case and custom property has been created...

                                Uncheck the 'Publish' option in Basic and just allow them to read.

                                Can you also check the list of Disabled Security rules by filtering on the top right when you are in Security Rules window?

                                Check if Data Connection rule is disabled and if someone has created a new rule?

                                • Re: User permissions
                                  S Khan

                                  Oh and in Custom property for 'UserGroups' see if you have checked the Data Connection box by mistake...

                                  When you create custom property for Stream it should only be Stream and Users

                                  For Apps, App and Users

                                  For Users, only Users should be checked

                          • Re: User permissions
                            Andrea Gigliotti

                            in any case regarding security rules i kindly suggest you to use "Audit" on QMC.

                            In this way you can check everything and understand why what you saying is happening.