Conditions (Advanced view)

Define the resource and/or user conditions that the rule should apply to.

Syntax:

[resource.resourcetype = "resourcetypevalue"] [OPERATOR] [(((<resource.property = propertyvalue) [OPERATOR (resource.property = propertyvalue)))]

If you select a resource and a resource condition from the drop-down list in the Basic view, the Conditions field in the Advanced view is automatically filled in with corresponding code for the selected resource type.

Conditions are defined using property-value pairs. You are not required to specify resource or user conditions. In fact, you can leave the Conditions field empty.

The order that you define conditions does not matter. This means that you can define the resources first and then the user and/or resource conditions or the other way round. However, it is recommended that you are consistent in the order in which you define resources and conditions as this simplifies troubleshooting.

When using multiple conditions, you can group two conditions by clicking Group. After the conditions have been grouped, you have the option Ungroup. Additional subgrouping options are Split and Join. The default operator between conditions is OR. You can change this in the operator drop-down list. Multiple conditions are grouped so that AND is superior to OR.

To enable synchronization between the Basic and Advanced sections (so called backtracking), extra parenthesis are added to conditions created using the Basic section. Similarly, a user definition with an empty condition is automatically included in the Conditions text field if you add a resource using the Basic section. However, if you create your rule using the Advanced section only, and do not need backtracking, you do not need to follow these conventions.

Arguments:

Argument	Description
resource	Implies that the conditions will be applied to a resource.
resourcetype	Implies that the conditions will be applied to a resource of the type defined by the resourcetypevalue. You can also use predefined functions for conditions to return property values.
resourcetypevalue	You must provide at least one resource type value.
property	The property name for the resource condition. See Properties: for available names.
propertyvalue	The value of the selected property name.
user	Implies that the conditions will be applied to a user.

Properties:

Property name	Description
@<customproperty>	The custom property associated with the resource.
resource.@<customproperty>	The custom property associated with the resource.
app.name	The name of the associated app.
app.owner.@<customproperty>	The custom property associated to the stream of an app. See corresponding owner property for description.
app.owner.email	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.browser	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.context	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.device	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.ip	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.os	Owner property associated with the app. See corresponding owner property for description.
app.owner.environment.secureRequest	Owner property associated with the app. See corresponding owner property for description.
app.owner.group	Owner property associated with the app. See corresponding owner property for description.
app.owner.name	The user name of the owner of the resource.
app.owner.userDirectory	The user directory of the owner of the resource
app.owner.userId	The user id of the owner of the resource
app.stream.@<customproperty>	Owner property associated with the app. See corresponding owner property for description.
app.stream.name	The name of the associated stream.
category	The system rule category: License, Security, or Sync.
description	The description of the owner retrieved from the user directory.
email	The email addresses that are available from the connected user directories.
environment.browser	Security rule will be applied to the type of browser. Supported browsers: Chrome, Firefox, Safari, MSIE, or Unknown. Example 1: Define browser and version: Firefox 22.0 Chrome 33.0.1750.154 Information note If the browser information contains a slash (/), replace it with a space. Example 2: Use the wildcard () to include all versions of the browser: environment.browser like Chrome
environment.context	Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess.
environment.device	Security rule will be applied to the type of device. Available preset values: iPhone, iPad, or Default.
environment.ip	Security rule will be applied to an IP number.
environment.os	Security rule will be applied to the type of operating system. Available preset values: Windows, Linux, Mac OS X or Unknown.
environment.secureRequest	Security rule will be applied to the type of request. Available preset values: SSL True or False.
group	The group memberships of the owner retrieved from the user directory.
roles	A role that is associated with the user.
name	The name of the resource or user.
objectType	The type of app object. Available preset values: story, masterobject, properties, sheet, dimension.
owner.@<customproperty>	The custom property associated with the owner of the resource.
owner.description	The description of the owner retrieved from the user directory.
owner.email	The email of the owner retrieved from the user directory.
owner.environment.browser	The browser environment of the owner of the resource.
owner.environment.context	Security rule will be applied only to the Qlik Sense environment that the call originates from. Available preset values: ManagementAccess or AppAccess.
owner.environment.device	The device environment of the owner of the resource.
owner.environment.ip	The IP environment of the owner of the resource.
owner.environment.os	The OS environment of the owner of the resource.
owner.environment.secureRequest	Indicates if the sent request is encrypted or not, that is using SSL or not (True or False).
owner.group	The group memberships of the owner retrieved from the user directory.
owner.name	The user name of the owner of the resource.
owner.userDirectory	The user directory of the owner of the resource
owner.userId	The user id of the owner of the resource.
published	The status of the app object.
resourceFilter	The existing resource definitions (from the Resource column in the security rules overview).
ruleContext	Specifies where the rule is applied: Both in hub and QMC, Only in hub, or Only in QMC.
stream.@<customproperty>	The custom property associated with the stream.
stream.name	The name of the associated stream.
type	The type of security rule or data connection.
userid	A user’s ID.
userdirectory	The name of a user directory.
userDirectory.name	The name of the user directory connection that the user sync task applies to.
userDirectory.userDirectoryName	The name of the user directory that the user directory connector is connected to.
userDirectoryName	The name of the user directory connection in the QMC.

Environment data received from external calls, for example, type of OS or browser, is not secured by the Qlik Sense system.

Example	Result
Resource filter: App* Conditions:resource.resourcetype="App" and (resource.name like "*")	The rule will apply to all apps. Tip noteThe same rule can be defined by simply setting the Resource field to App* and leaving the Conditions field empty.
Resource filter: App* or App.Object* or Stream* Conditions:resource.resourcetype="App" or resource.resourcetype="Stream" or (resource.resourcetype="App.Object" and resource.objectType="sheet") and resource.name like "My*"	The rule will apply to all apps, streams and sheets that have names beginning with "My".
resource.resourcetype="ServerNodeConfiguration" and (resource.@Geographies="Canada")	The rule will apply to all nodes with the custom property Geographies set to Canada.
resource.resourcetype="ServerNodeConfiguration" and !(resource.@Geographies="Canada")	The rule will apply to all nodes except the nodes with custom property Geographies set to Canada.
With Resource filter = resource.resourcetype="App.Object" and (((resource.objectType="sheet" or resource.objectType="story")) and ((user.name="Myname")))	The rule will apply to all apps, sheets, stories and the user with the name MyName.
With Resource filter=Stream_* user.@Geographies="Canada" and !user.IsAnonymous()	The rule will apply to all streams and users with the custom property Geographies set to Canada given that the user is not logged in as anonymous.
With Resource filter=* and Conditions field empty	This rule will apply to all resources and all users.
user.name="MyUserName"	The rule will apply to the user with the user name MyUserName. Tip noteTry as much as possible not to create rules that apply to individuals. Use group memberships, user roles or custom properties to apply rules to groups of users.
user.group="DL-MyDepartment"	The rule will apply to all members of the distribution group MyDepartment.
user.@Department="Sales"	The rule will apply to all users with the custom property @Department set to Sales.
user.roles="Developer"	The access rights defined in the Resource, Conditions and Actions field will be applied to the user role Developer. This role will now be available from the Roles drop-down list in the User edit page.
resource.resourcetype="App" and resource.name="My*" and user.role="QlikSenseAdmin"	The user.role can also be used together with an operator to specify that the rule applies if the user has the specified user role.
user.environment.os="Windows"	The rule will be applied to all external environments with operating system = Windows.

Learn more

Operators and functions for conditions

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here