In a particular Qlik Sense use case, a visualization extension has been implemented that presents a button to the user that allows any user with access to that sheet to reload the app.
This button uses the Capability (App) API qlik.app.doReload()
method in order to perform the reload.
This app has been published and is accessible to the intended users.
The issue is that this only works for the app-owner; all other intended users are presented with an "Access is Denied" message after they've pressed the button and the app is not reloaded.
If one examines the AuditActivity_Engine logs after the error message is presented then you can see more information about the error; one can see that Access is Denied specifically for "Script access denied". This means that this user does not have access to the App's objects, so granting read access to App.Object_someguid will grant this user the needed permissions.
Implement a security rule that grants READ access to the App.Object_someguid.NOTE
: Demonstration purposes ONLY. The below rule grants access to ALL app objects for a specific user and is not scoped to a specific object; do not use in production.