Conditions (Advanced view)
Define the resource and/or user conditions that the rule should apply to.
Syntax
resource.resourcetype = <resourcetypevalue> [OPERATOR resource.<property> = <propertyvalue> [OPERATOR resource.<property> = <propertyvalue> ...]]
A simple condition would only consist of the first part: resource.resourcetype = <resourcetypevalue>. The succeeding operators, properties, and property values in the example above are optional.
If you select a resource and a resource condition from the drop-down list in the Basic view, the Conditions field in the Advanced view is automatically filled in with corresponding code for the selected resource type.
Conditions are defined using property-value pairs. You are not required to specify resource or user conditions. In fact, you can leave the Conditions field empty.
The order that you define conditions does not matter. This means that you can define the resources first and then the user and/or resource conditions or the other way round. However, it is recommended that you are consistent in the order in which you define resources and conditions as this simplifies troubleshooting.
To enable synchronization between the Basic and Advanced sections (so called backtracking), extra parentheses are added to conditions created using the Basic section. Similarly, a user definition with an empty condition is automatically included in the Conditions text field if you add a resource using the Basic section. However, if you create your rule using the Advanced section only, and do not need backtracking, you do not need to follow these conventions.
Arguments
Argument | Description |
---|---|
resource | Implies that the conditions will be applied to a resource. |
resourcetype |
Implies that the conditions will be applied to a resource of the type defined by the resourcetypevalue. You can also use predefined functions for conditions to return property values. |
resourcetypevalue | Value used in the condition to find matches or non-matches, depending on what operator that is used (=, !=, or like). You must provide at least one resource type value. |
property |
The property name for the resource condition. See Properties for available names. |
propertyvalue | The value of the selected property name. |
user | Implies that the conditions will be applied to a user. |
Properties
The following property groups are available.
General
Property | Description | Example |
---|---|---|
resource.@<customproperty> | Custom property associated with the resource. In the examples, @Department is the custom property name. | resource.@Department = Finance. resource.@Department = user.userDirectory |
resource.name | Name of the resource. | resource.name like "*US*". A string containing "US" will match the condition. |
resource.id | ID of the resource. | resource.id=5dd0dc16-96fd-4bd0-9a84-62721f0db427 The resource in this case is an app. |
Resource user and owner of an object
Property | Description | Example |
---|---|---|
user.email
owner.email |
Email of the user. Email of the owner. |
user.email="user@domain.com"
owner.email="owner@domain.com" |
user.environment.browser | Session based attribute for browser. Use the "like" operator instead of the "=" operator, because the browser data is sent in a format that includes version and other details, for example: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0". You can use the "=" operator instead, but then you need to specify the whole value. | user.environment.browser like "*Firefox*" |
user.environment.context | Session based attribute for context. (The QMC has a separate setting for context.) | user.environment.context="Management Access" |
user.environment.device | Session based attribute for device. | user.environment.device="iPhone" |
user.environment.ip |
Session based attribute for IP address. |
|
user.environment.os | Session based attribute for operating system. | user.environment.os like "Windows*" |
user.environment.secureRequest | Session based attribute for secureRequest. Value true - if SSL is used - otherwise false. | user.environment.secureRequest="true" |
user.environment.[SAML attribute] |
Session based attribute that is supplied at the time of authentication, such as user.environment.group. |
user.environment.xxx="<attribute name>" |
user.environment.[ticket attribute] |
Session based attribute that is supplied at the time of authentication, such as user.environment.group. |
user.environment.xxx="<attribute name>" |
user.environment.[session attribute] |
Session based attribute that is supplied at the time of authentication, such as user.environment.group. |
user.environment.xxx="<attribute name>" |
user.group
owner.group |
Group that the user belongs to.
Group that the owner belongs to. |
user.group=resource.app.stream.@AdminGroup owner.group=@Developers |
user.userdirectory
owner.userdirectory |
User directory that the user belongs to.
User directory that the owner belongs to. |
user.userdirectory="Employees" owner.userdirectory="Employees" |
user.userId
owner.userId |
ID of the user.
ID of the owner. |
user.userId="<userID>" owner.userId="<ownerID>" |
user.roles
owner.roles |
Roles of the user.
Roles of the owner. |
user.roles="AuditAdmin" owner.roles="SystemAdmin" |
To use the user.environment conditions, you must enable Extended security environment in the virtual proxy.
See: Virtual proxies
Resource app
Property | Description | Example |
---|---|---|
stream.name | Name of the stream that the app is published to. |
stream.name="Finance" |
Resource app.object
Property | Description | Example |
---|---|---|
app.stream.name | Name of the stream that the app object is published to. |
app.stream.name="Test" |
app.name | Name of the app that the object is part of. |
app.name="Q3_Report" |
approved | Indicator of whether the object was part of the original app when the app was published. Values: true or false. |
resource.approved="true" |
description | Object description. |
resource.description="old" |
objectType |
Possible values:
|
resource.objectType="sheet" |
published | Indicator of whether the object is published. Values: true or false. |
resource.published="false" |
Resource related to apps such as app.content and reloadtask
Property | Description | Example |
---|---|---|
app.stream.name | Name of the stream that the app is published to. |
app.stream.name="Test" |
app.name | Name of the app. |
app.name="Q3_Report" |
Resource DataConnection
Property | Description | Example |
---|---|---|
Type |
Type of data connection. Possible values:
|
resource.type!="folder" |
Resource SystemRule
Property | Description | Example |
---|---|---|
Category |
System rule category. Possible values:
|
resource.category="license" |
ResourceFilter | Resource filter of the rule. | resource.resourcefilter matches "DataConnection_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}" |
RuleContext |
Context for the rule. Possible values:
|
resource.rulecontext="BothQlikSenseAndQMC" |
Type |
Type of rule. Possible values:
|
resource.type!="custom" |
Resource ContentLibrary
Property | Description | Example |
---|---|---|
Type |
Possible values:
|
resource.type="media" |
Resource ServerNodeConfiguration
Property | Description | Example |
---|---|---|
IsCentral |
Central node indicator, values: true or false. |
resource.iscentral="true" |
nodePurpose | Node purpose: development or production. |
resource.nodepurpose="production" |
Resource UserDirectory
Property | Description | Example |
---|---|---|
userDirectoryName |
Name of the user directory. |
resource.userDirectoryname="Employees" |
Resource UserSyncTask
Property | Description | Example |
---|---|---|
userDirectory.name |
Name of the user directory connector. |
resource.userDirectory.name="Employees" |
userDirectory.userDirectoryName |
Name of the user directory. |
userDirectory.userdirectoryname="Employees" |
Resource Widget
Property | Description | Example |
---|---|---|
library.name |
Name of the library that the widget belongs to. |
resource.library.name="Dev" |
Examples and results
Example | Result |
---|---|
Resource filter: App* Conditions: resource.resourcetype="App" and (resource.name like "*") |
The rule will apply to all apps. Tip noteThe same rule can be defined by simply setting the Resource field to App* and leaving the Conditions field empty.
|
Resource filter: App* or App.Object* or Stream* Conditions: resource.resourcetype="App" or resource.resourcetype="Stream" or (resource.resourcetype="App.Object" and resource.objectType="sheet") and resource.name like "My*" |
The rule will apply to all apps, streams and sheets that have names beginning with "My". |
resource.resourcetype="ServerNodeConfiguration" and (resource.@Department="Finance") | The rule will apply to all nodes with the custom property Department set to Finance. |
resource.resourcetype="ServerNodeConfiguration" and !(resource.@Department="Finance") | The rule will apply to all nodes except the nodes with custom property Department set to Finance. |
With Resource filter = resource.resourcetype="App.Object" and (((resource.objectType="sheet" or resource.objectType="story")) and ((user.name="Myname"))) |
The rule will apply to all apps, sheets, stories and the user with the name MyName. |
With Resource filter=Stream_* user.@Department="Finance" and !user.IsAnonymous() |
The rule will apply to all streams and users with the custom property Department set to Finance given that the user is not logged in as anonymous. |
With Resource filter=* and Conditions field empty |
This rule will apply to all resources and all users. |
user.name="MyUserName" |
The rule will apply to the user with the user name MyUserName. Tip noteTry as much as possible not to create rules that apply to individuals. Use group memberships, user roles or custom properties to apply rules to groups of users.
|
user.group="DL-MyDepartment" | The rule will apply to all members of the distribution group MyDepartment. |
user.@Department="Sales" | The rule will apply to all users with the custom property @Department set to Sales. |
user.roles="Developer" |
The access rights defined in the Resource, Conditions and Actions field will be applied to the user role Developer. This role will now be available from the Roles drop-down list in the User edit page. |
resource.resourcetype="App" and resource.name="My*" and user.role="QlikSenseAdmin" |
The user.role can also be used together with an operator to specify that the rule applies if the user has the specified user role. |
user.environment.os="Windows" | The rule will be applied to all external environments with operating system = Windows. |