
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security Rule Example: How to show data model viewer for published apps
Jan 30, 2023 4:32:55 AM
May 26, 2017 6:31:17 AM
How To Grant Users The Access To Data Model Viewer.
With default security rules and settings, users can not see the data model for published apps. However, we can achieve this by creating/updating security rules through the Qlik Sense Management Console.
Resolution
Option 1: Create a new Security Rule
- Go to the Qlik Sense Management Console
- Open Security Rules
- Click Create new
- Create the following rule:
- Name = DataModelViewers
- Description = A description of your choice.
- Resource filter = App_*
- Actions = "Read","Update"
- Conditions = Users of your choice or a previously defined role you will tag the users with.
- Context = Both in hub and QMC or Only in hub
- Click Apply
Option 2: Tagging users as ContentAdmins
This requires a rework of the ContentAdmin rule and will provide far more permissions to users than Option 1. See ContentAdmin for details on what a ContentAdmin is allowed to do.
- Tag the users you want to be able to see data models with the ContentAdmin role.
- Go to the Security Rules
- Locate the default ContentAdmin rule and open it
- Modify the rule by changing QMC only to Both in hub and QMC
- Click Apply

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Andre
With this solution, DatamodelsViewers can also update apps properties (add custom properties) and modify app Name and description in hub for pûblished apps.
It is possible to limit the rules to the data model button ?
Thanks
MN


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I'm also finding this rule allows access to all dashboards in the hub. This is not good for data security. Is there a way around this?

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @mgranillo
For further customization of security rules, I would recommend posting this query over in the Qlik Sense Deployment and Management forums.
All the best,
Sonja


- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you. I've posted a question in that forum. For anyone that comes across this, we are having this issue because we have app level security in place.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
This is not really clear on what part of the security rule actually grants access to the Data Model Viewer.
Could those details be added?
What part of Content Admin rules actually allows the data model viewer to work in the hub?
If it was desired to grant this view, without using content admin role (which is very plausible as content admin has tremendous power in qmc) - how could this be done?
This post, as is, begs the question of what conditions and objects control the data model viewer.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @Ken_T
I clarified the article, but am having the rule specifically created for this purpose verified by an SME as well (my tests came back OK, so it works).
To answer your question, it's this bit:
- Resource filter = App_*
- Actions = "Read","Update"
All the best,
Sonja

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I assume this would be used in conjuction with
Resouce filter = App.Object_* and Condition resource.objectType = "loadmodel".
Please confirm.
Thanks,
Telmo