How To Grant Users The Access To Data Model Viewer

When granting the user access to update the published app, the app owner can still access Data Model Viewer but all other users can not see Data Model Viewer. The expectation is all users can access Data Model Viewer with this access. This happens in June 2018 release.    

1.Created a role called "DataModelReader" then assign it to the user1 .

2.Created a security rule called 'ViewPublishedApp':

 Resource Filter: App_*

Actions: Update

Conditions: (resource.stream.name="Everyone")) and !user.IsAnonymous() and user.role="DataModelReader"

3.Applied this rule to Hub and QMC. 

4.Open the hub by administrator and User2.  Open the stream called "Everyone".  then the administrator can see the data model viewer but not user2

This is working as per design as the new decision is to disable the Data model viewer when the user doesn't have access to update the script. This is the expected result now.

So to be able to get it to work, Update privileges needs to be added not only to the App itself but also to the script. That can be done with something similar to this:

Resource Filter: App.Object_*

Actions: Update

Conditions: user.role = "DataModelReader" and resource.resourcetype = "app_appscript"