Conditions (Advanced view)

Define the resource and/or user conditions that the rule should apply to.

Syntax

resource.resourcetype = <resourcetypevalue> [OPERATOR resource.<property> = <propertyvalue> [OPERATOR resource.<property> = <propertyvalue> ...]]

A simple condition would only consist of the first part: resource.resourcetype = <resourcetypevalue>. The succeeding operators, properties, and property values in the example above are optional.

If you select a resource and a resource condition from the drop-down list in the Basic view, the Conditions field in the Advanced view is automatically filled in with corresponding code for the selected resource type.

Conditions are defined using property-value pairs. You are not required to specify resource or user conditions. In fact, you can leave the Conditions field empty.

The order that you define conditions does not matter. This means that you can define the resources first and then the user and/or resource conditions or the other way round. However, it is recommended that you are consistent in the order in which you define resources and conditions as this simplifies troubleshooting.

When using multiple conditions, you can group two conditions by clicking Group. After the conditions have been grouped, you have the option Ungroup. Additional subgrouping options are Split and Join. The default operator between conditions is OR. You can change this in the operator drop-down list. Multiple conditions are grouped so that AND is superior to OR.

To enable synchronization between the Basic and Advanced sections (so called backtracking), extra parentheses are added to conditions created using the Basic section. Similarly, a user definition with an empty condition is automatically included in the Conditions text field if you add a resource using the Basic section. However, if you create your rule using the Advanced section only, and do not need backtracking, you do not need to follow these conventions.

Arguments

Argument Description
resource Implies that the conditions will be applied to a resource.
resourcetype

Implies that the conditions will be applied to a resource of the type defined by the resourcetypevalue.

You can also use predefined functions for conditions to return property values.

resourcetypevalue Value used in the condition to find matches or non-matches, depending on what operator that is used (=, !=, or like). You must provide at least one resource type value.
property

The property name for the resource condition. See Properties for available names.

propertyvalue The value of the selected property name.
user Implies that the conditions will be applied to a user.

Properties

The following property groups are available.

General

Property Description Example
resource.@<customproperty> Custom property associated with the resource. In the examples, @Department is the custom property name. resource.@Department = Finance.

resource.@Department = user.userDirectory

resource.name Name of the resource. resource.name like "*US*". A string containing "US" will match the condition.
resource.id ID of the resource. resource.id=5dd0dc16-96fd-4bd0-9a84-62721f0db427 The resource in this case is an app.

Resource user and owner of an object

Property Description Example
user.email

owner.email

Email of the user.

Email of the owner.

user.email="user@domain.com"

owner.email="owner@domain.com"

user.environment.browser Session based attribute for browser. Use the "like" operator instead of the "=" operator, because the browser data is sent in a format that includes version and other details, for example: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0". You can use the "=" operator instead, but then you need to specify the whole value. user.environment.browser like "*Firefox*"
user.environment.context Session based attribute for context. (The QMC has a separate setting for context.) user.environment.context="Management Access"
user.environment.device Session based attribute for device. user.environment.device="iPhone"
user.environment.ip

Session based attribute for IP address.

Security rules example: Access to stream by IP address

user.environment.os Session based attribute for operating system. user.environment.os like "Windows*"
user.environment.secureRequest Session based attribute for secureRequest. Value true - if SSL is used - otherwise false. user.environment.secureRequest="true"
user.environment.[SAML attribute]

Session based attribute that is supplied at the time of authentication, such as user.environment.group.

user.environment.xxx="<attribute name>"
user.environment.[ticket attribute]

Session based attribute that is supplied at the time of authentication, such as user.environment.group.

user.environment.xxx="<attribute name>"
user.environment.[session attribute]

Session based attribute that is supplied at the time of authentication, such as user.environment.group.

user.environment.xxx="<attribute name>"
user.group

owner.group

Group that the user belongs to.

Group that the owner belongs to.

user.group=resource.app.stream.@AdminGroup

owner.group=@Developers

user.userdirectory

owner.userdirectory

User directory that the user belongs to.

User directory that the owner belongs to.

user.userdirectory="Employees"

owner.userdirectory="Employees"

user.userId

owner.userId

ID of the user.

ID of the owner.

user.userId="<userID>"

owner.userId="<ownerID>"

user.roles

owner.roles

Roles of the user.

Roles of the owner.

user.roles="AuditAdmin"

owner.roles="SystemAdmin"

Note:

To use the user.environment conditions, you must enable Extended security environment in the virtual proxy.

See: Virtual proxies

Resource app

Property Description Example
stream.name Name of the stream that the app is published to.

stream.name="Finance"

Resource app.object

Property Description Example
app.stream.name Name of the stream that the app object is published to.

app.stream.name="Test"

app.name Name of the app that the object is part of.

app.name="Q3_Report"

approved Indicator of whether the object was part of the original app when the app was published. Values: true or false.

resource.approved="true"

description Object description.

resource.description="old"

objectType

Possible values:

  • app_appscript
  • dimension
  • embeddedsnapshot
  • genericvariableentry

  • hiddenbookmark
  • masterobject
  • measure
  • odagapplink
  • sheet
  • snapshot
  • story
  • bookmark

resource.objectType="sheet"

published Indicator of whether the object is published. Values: true or false.

resource.published="false"

Resource related to apps such as app.content and reloadtask

Property Description Example
app.stream.name Name of the stream that the app is published to.

app.stream.name="Test"

app.name Name of the app.

app.name="Q3_Report"

Resource DataConnection

Property Description Example
Type

Type of data connection.

Possible values:

  • OLEDB
  • ODBC
  • Folder
  • Internet
  • Custom (for all custom connectors)

resource.type!="folder"

Resource SystemRule

Property Description Example
Category

System rule category.

Possible values:

  • Security
  • License
  • Sync

resource.category="license"

ResourceFilter Resource filter of the rule. resource.resourcefilter matches "DataConnection_\w{8}-\w{4}-\w{4}-\w{4}-\w{12}"
RuleContext

Context for the rule.

Possible values:

  • BothQlikSenseAndQMC
  • QlikSenseOnly
  • QMCOnly

resource.rulecontext="BothQlikSenseAndQMC"

Type

Type of rule.

Possible values:

  • Default
  • Read only
  • Custom

resource.type!="custom"

Resource ContentLibrary

Property Description Example
Type

Possible values:

  • media

resource.type="media"

Resource ServerNodeConfiguration

Property Description Example
IsCentral

Central node indicator, values: true or false.

resource.iscentral="true"

nodePurpose Node purpose: development or production.

resource.nodepurpose="production"

Resource UserDirectory

Property Description Example
userDirectoryName

Name of the user directory.

resource.userDirectoryname="Employees"

Resource UserSyncTask

Property Description Example
userDirectory.name

Name of the user directory connector.

resource.userDirectory.name="Employees"

userDirectory.userDirectoryName

Name of the user directory.

userDirectory.userdirectoryname="Employees"

Resource Widget

Property Description Example
library.name

Name of the library that the widget belongs to.

resource.library.name="Dev"

Note: Environment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?