Custom Properties Explained
Qlik Sense Security
Overview
So far in this course, you've learned that security rules only grant access and never restrict access and we covered four components of a security rule. As a review, the four components are:
Resources
Resources for a security rule are selected using the resource filter.
Actions
Things you permit users to do with resources.
Conditions
Or, as I like to call them, specifications or additional filters.
Context
Where you would like a resource to be accessible to a user - in the Hub or in QMC.
In the last lesson, you've learned how properties of a resource can be used to narrow down list of resources for a security rule. I used an example of using stream name, which is a property of an app, to narrow down list of applicable apps to be only the ones published in HR stream.
That's great and all but you may or may not have noticed that the list of properties on resources is short. Often resource properties are just resource name and ID. That's it.
Although resources have a small list of properties, that is actually not a problem because Qlik built custom properties for us.
Custom properties enable you and me to create and add any property we want to one of the 18 resources mentioned in Introduction to Qlik Sense Resources guide plus the System notifications resource that is mentione in Discover Hidden Qlik Sense Resources guide.
Not only that, but custom properties enable you and me to populate the custom properties with any values that we want. That gives us a tremendous amount of freedom, flexibility, and power for constructing Conditions on most commonly used resources. And with great freedom, flexibility, and power comes great ... amount of confusion as to what to do with that freedom and power.
To clear up the confusion and add clarity and context, this guide:
Walks you through some common use cases for custom properties.
Explains how to create custom properties and assign them to resources.
2
POINTS
4
TAKEAWAYS
MED
COMPLEXITY
01. Use Case for Custom Properties
In the last lesson, you've learned all about Conditions which rely on resource properties to narrow down exactly which set of resource you would like a rule to apply to. For example, you can select all apps (App_*) in the resource filter and then use a stream, which is a property of an app, to grant access not to all apps, but only to apps published in a particular stream. With the help of resource properties we can create a single rule and have that rule manage access for a dynamic list of users and a dynamic list of apps with precision. That's fantastic and powerful!
But...what if a resource doesn't have a property that you're looking for. For example, what if HR leads come to you and ask that only a portion of apps within HR stream be accessible to recruiters? HR leads identified some of the apps in the HR stream that hold sensitive information about current employees. This sensitive information is not something that recruiters need to have access to. HR leads, therefore came to you, and asked you to create security rules that would allow all apps in HR stream to be accessible to HR leads but only some apps within HR stream to be accessible to recruiters.
Thinking of the request, you realize that the ask is about app access, so you know you'll need to use App_* as the resource filter, but then what? You'll need to create a condition to narrow down list of apps to a portion of apps in HR stream. Conditions use properties to narrow down list of apps for a security rule, but apps have only the following five properties:
App ID
App Name
App Owner
Stream Name
Stream Owner
None of which can be used to specify which apps should be accessible to recruiters and which ones should not be. Not only that, but let's make this example even more complicated and say that Active Directory doesn't have a group called Recruiters. Both HR leads and recruiters are part of a single Human Resources group.
It would be nice if there was a property called User Groups, for example, that you and I would be able to use to specify which apps are accessible to which group of users. It would also be nice if you didn't have to reach out to System Admins in your organization and ask them to create and maintain a new Active Directory group. That's where custom properties come in.
As mentioned in the Overview section above, you can create and assign your own custom properties to Qlik Sense resources. For example, you can create a custom property called UserGroups and assign it to both apps and users. Then, you can use that property to specify which group of users should have access to an app or set of apps.
02. Creating & Assigning Custom Property
Creating a custom property is a simple process. In the second half of the course, I will show you how to create security rules and custom properties to solve some real-life business challenges. For now, I will use the use case presented above, which is close to real-life, to introduce you to a process for creating a custom property, assigning it to resources, and populating it with values.
Step 01.
Go to Custom properties section of QMC.
Step 02.
Click Create new button to create a new custom property.
Step 03.
Enter name and description for a custom property.
Step 04.
Select resources to which you would like to add this new custom property.
Step 05.
In Values section, click the Create new button to enter a new property value.
Step 06.
Enter new property value.
Step 07.
Click Apply button to create the new custom property along with its value.
Step 08.
Go to Users section in QMC.
Step 09.
Select a user which you would like to add to Recruiting group.
Step 10.
Click Edit button.
Step 11.
Select Custom properties option in Properties section to make Custom properties section visible.
Step 12.
Click in the UserGroups input box and select Recruiting group.
Step 13.
Click Apply.
Step 14.
Go to Apps section in QMC.
Step 15.
Select an app which you would like to add to Recruiting group.
Step 16.
Click Edit button.
Step 17.
If it's not already selected, select Custom properties option in Properties section.
Step 18.
Click in the UserGroups input box and select Recruiting group.
Step 19.
Click Apply.
Step 20.
As a practice exercise and last step, go to Streams section of QMC and repeat the same steps to add HR stream to Recruiting user group as well.
Guide
Summary
Key Takeaways
Custom properties are simply additional properties that you can create and add to Qlik Sense resources.
Custom properties can be assigned only to 18 resources.
Custom properties cannot be assigned to:
App objects
Custom banner messages
External product sign-on
On-demand app services
Creating custom property values makes them available for assigning to resources.
Without values a custom property is of no use.
As a review, you've created a custom property, specified that this property should be available for users and apps, created a value for the property, and assigned a user and an app to Recruiting group. You are now ready to create a security rule to get access to the app that is part of Recruiting group for user that is also part of Recruiting group.
However, before I show you how to create security rules with custom properties, there's a quick and important thing you'll need to know about renaming custom property values. That's covered in the next lesson. I'll see you there!
Up Next
Dangers of Renaming Custom Property Values
Copyright © 2023 howdash LLC