Security rules example: Access to stream by user attributes
In this example, you create access rights to a specific stream by using the user attributes that are retrieved from ticket authentication or session and SAML attributes.
How to add a ticket: Add ticket
How ticket attributes are sent: X-Qlik-Security header
Procedure
Do the following:
-
Select Security rules and click Create new.
-
The resource filter for the rule should be set to filter on a specific stream.
In the Advanced section, fill in the Resource filter field with text as per Security rule code.
-
You now need to set the conditions to specify the users that the rule applies to.
In the Advanced section, fill in the Conditions field with text as per Security rule code.
-
Set the actions that the rule should provide.
In the Basic section, select Actions as per Security rule code.
-
Type a name for the security rule in the Name field.
-
Click Apply.
You have now created access to a specific stream based on ticket authentication user attributes.
Security rule code
The following is the security rule code for this example, with explanatory comments.
Field | Code | Comments |
---|---|---|
Resource filter | Stream_<GUID> |
Specifically filters on the stream with a specific GUID. |
Conditions | resource.resourcetype="Stream" and (user.environment.<Attribute1>="<Value1a>") |
resource.resourcetype="Stream" The rule applies to streams. (user.environment.<Attribute1>="<Value1a>") The rule applies to the users where the attribute equals the value. |
Actions | read |
Read actions will be granted provided that the conditions are met. |