This is a security rule example for extension create/update/delete rights.
Scenario:
User1 and User2 have a custom property "Profile" set to "Group1".
Each user should be able to modify the extensions he creates himself.
Users in the same group should be able to view each other's extensions.
Note: From the point of view of security rules in Qlik Sense, a mashup is a type of extension, so the rules described in this article apply to both mashups and extensions in the dev-hub.
Environments:
- Qlik Sense February 2018 and later
1. By default, anyone can view all extensions, so you should disable the following rule:
Name: Extension
2. Create a custom property called "Profile" of type "Users" with the value "Group1". Assign "Group1" to User1 and User2.
3. Create a rule that gives Read rights on extensions to users that are in Group1
Name: ExtensionReadGroup
Resource filter: Extension_*
Actions: Read
Conditions: ((resource.owner.@Profile="Group1"))
Context: Both in hub and QMC
4. Create a rule that gives Update/Delete rights only to the owner of the extension (extensions that the user created himself)
Name: ExtensionUpdateDeleteOwner
Resource filter: Extension_*
Actions: Update, Delete
Conditions: ((resource.owner=user.userid))
Context: Both in hub and QMC
5. Give users in Group1 the right to create extensions
Name: ExtensionAnyoneCreate
Resource filter: Extension_*
Actions: Create
Conditions: ((user.@Profile="Group1"))
Context: Both in hub and QMC
This also requires Read rights on extension templates (Create will not work if the user does not have access to the templates):
Name: ReadExtensionTemplates
Resource filter: Extension_*
Actions: Read
Conditions: ((resource.name like "*template*"))
Context: Both in hub and QMC
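To check what the rules from steps 3 to 5 grant when combined, the following added example (not part of the original article and not Qlik code) evaluates their conditions in a simplified model. The user User3, the extension names, the "admin" owner and the strict_read variant are assumptions made for the illustration.

```python
# Added example: simplified model of how the four custom rules combine.
# It is not Qlik's rule engine; default rules other than the disabled
# "Extension" rule (admin roles etc.) are ignored.
from fnmatch import fnmatchcase

# Constructed data: User3 has no "Profile" value; the template and its
# owner name are hypothetical.
PROFILE = {"User1": "Group1", "User2": "Group1", "User3": None}
EXTENSIONS = [
    {"name": "sales-chart", "owner": "User1"},
    {"name": "kpi-tile", "owner": "User2"},
    {"name": "basic-template", "owner": "admin"},
]

def rules(strict_read=False):
    """(name, actions, condition) for the rules in steps 3-5.
    strict_read=True adds `and user.@Profile="Group1"` to the read rule."""
    def read_group(user, ext):
        ok = PROFILE.get(ext["owner"]) == "Group1"
        return ok and (not strict_read or PROFILE.get(user) == "Group1")
    return [
        ("ExtensionReadGroup", {"Read"}, read_group),
        ("ExtensionUpdateDeleteOwner", {"Update", "Delete"},
         lambda user, ext: ext["owner"] == user),
        # Create applies to new extensions; it is listed per row here.
        ("ExtensionAnyoneCreate", {"Create"},
         lambda user, ext: PROFILE.get(user) == "Group1"),
        # Assumption: `like` is matched case-insensitively.
        ("ReadExtensionTemplates", {"Read"},
         lambda user, ext: fnmatchcase(ext["name"].lower(), "*template*")),
    ]

def allowed(user, ext, strict_read=False):
    """Union of the actions of every rule whose condition is true."""
    granted = set()
    for _name, actions, cond in rules(strict_read):
        if cond(user, ext):
            granted |= actions
    return granted

if __name__ == "__main__":
    for strict in (False, True):
        print("strict_read =", strict)
        for user in PROFILE:
            for ext in EXTENSIONS:
                acts = ",".join(sorted(allowed(user, ext, strict))) or "-"
                print(f"  {user:6} {ext['name']:15} {acts}")
```

In this model User3, who has no Profile value, still gets Read on extensions owned by Group1 users, because the ExtensionReadGroup condition tests only the owner's property. Adding `and user.@Profile="Group1"` to that condition (strict_read=True in the model) limits Read to group members.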