0 Replies Latest reply: Jan 11, 2018 4:30 AM by Simone Trabattoni RSS

    Security rules, problem

    Simone Trabattoni

      Hi community,

       

      I'm facing the Security rules in Qlik Sense, and I'm not having the result I want.

      I've read this

       

      Sheet level Section Access in Qlik Sense ??

      Qlik Sense Security Rule List (v1.1).pdf

       

      and other sources, but I've some problem. Here my situation.

      I've three level of user, a,b,c, and four streams, 1,2,3,4.

       

      The users a can see 1,2,3,4 streams and all the apps in.

      The users b can see 1,2,3 streams and all the apps in.

      The users c can see 1 streams, all the apps in, but not a certain sheet.

       

      I've worked this way:

      In the custom properties I've set group as the level of the users, as a property of the users.

      In the custom properties I've set apps as the name of the streams of the app, so each app of each streams, belongs to  the group of the app 1,2,3,4 namely as the stream.

       

      Then I've disabled the Stream security rules, the rules that allow to see automatically resources if you are allowed to see the the stream.

      I managed to create my security tules

       

      - if you belong to the group a, you can see the stream 1,2,3,4. Type of the rule: stream

      ((resource.name="1" and resource.name="2" and resource.name="3" and resource.name="4" or user.@group="a"))

       

      - if you belong to the group b, you can see the stream 1,2,3.Type of the rule: stream

      ((resource.name="1" or resource.name="2" or resource.name="3" )) and ((user.@gerarchia="b"))


      - if you belong to the group c, you can see the stream 1.Type of the rule: stream

      ((resource.name="1" or user.@group="c"))

       

      - if you belong to the group a, you can see the apps in the group 1,2,3,4.Type of the rule: app

      ((user.@group="a") or (resource.@apps="1" and resource.@apps="c2" and resource.@apps="3" and resource.@apps="4"))

       

      - if you belong to the group b, you can see the apps in the group 1,2,3.Type of the rule: app

      ((user.@group="beta") or (resource.@apps="1" and resource.@apps="2" and resource.@apps="3"))


      - if you belong to the group c, you can see the apps in the group 1.Type of the rule: app

      ((user.@group="c") and (resource.@apps="1"))


      Till here, in the audit, everythings works fine. The problem is: all the users can see all the sheets in each app that are allowes to see, except the users c, whom cannot see sheetNO in the app 1.

      I've tried something like:


      ((user.@group="c" and resource.name="sheetNO"))

      ((user.@group="c" and resource.name!="sheetNO"))


      But it does not work. Also, all the other users have the READ in yellow: should I make explicit the read privilege of each sheet? Is there a workaround?