Solved: Re: Named CAL: admin rights revocation - Qlik Community

Report Inappropriate Content · ‎2013-05-30

I have to give my boss a Named CAL to allow access to all applications in the server. But i don't want him to be able to modify the application; he should have only read-only access. How can i do that? Is section access the only solution?

Regards,

Amit

kangaroomac · ‎2013-05-30

Hi amiltray,

You're right, QlikView desktop is the application you install on your desktop. The personal edition is the desktop version that has not been licenced.

With it alone, users won't be able to open your application. If however they are licenced (i.e. lease a licence from your server), they will be able to open and edit your QVW if no security has been put in place.

I am not sure why you would like to make your application "read only", but basically you have atleast two options:

1) If you don't want expressions, variables, etc. to be changed without your knowledge, you can think of versioning (keep multiple copies of your QVW with different version numbers).

2) If you want to limit access in terms of someone else doing development, section access is probably your best bet. If your QVW is copied or moved it still retains the security. Ensure they have USER rights and customise the user rights in settings -> document properties -> security (or something).

Please ensure that you save a copy (or multiple copies) when using section access.

You should also be aware that if the users you want to limit has access to the same data sources and they are named CALS, they could go and create their own QVW's.

Hope this helps.

View solution in original post

Bill_Britt · ‎2013-05-30

Documents on the server are really read only. Users can create their own objects, but those are kept in the .share files and not the QVW.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Report Inappropriate Content · ‎2013-05-30

Bill,

Thanks for your reply.

I am new in administration(earlier was there in development). What my understanding is, as an administrator i will have a Named CAL. I would be able to make the changes in applications. and i don't want other to have the same power though they would have Named CAL assigned. How do i approach the situation?

Regards.

Amit

Bill_Britt · ‎2013-05-30

Hi,

Are you talking about restricting the use of the DeskTop Client (Developer)?

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.

Miguel_Angel_Baeyens · ‎2013-05-30

Hi Amit,

Changes can be made in a document not only by having a Named CAL, that is one step, but having filesystem access to modify the file itself. Even having those permissions, he had to open locally the file with QlikView Desktop.

Even that, you can use section access to avoid any user to do some kind of things once the document has been opened. These actions are defined in the Settings menu, Document Properties, Security.

Hope that helps.

Miguel

Report Inappropriate Content · ‎2013-05-30

I am sorry, i don't have clear knowledge of DeskTop Client as well. i will explain you my situation. i have learnt development. now my company is providing me with one production server and a test server and some doc CALs and few Named CALs. i have to administer the entire implementation of qlikview. doc CALs would no issue. i have doubt with Named CALs. some of my bosses have to be given access with multiple applications, so there goes Named CALs to them. As i never been in these CALs i am a bit confused. I read that with Named CALs users would be able to make the changes in the applications.

So the basic questions reduced to 1. How are we (me an admin and others with Named CAL but not admin) diffrent? Ultimately i need to restrict them.

Hope this time i am a bit clearer.

-Amit

Report Inappropriate Content · ‎2013-05-30

Thanks Miguel.

QlikView Desktop? Is it the personal edition qv which would be required to install in local machine? if so, then anybody can download and install it. there has to be something else too. Please help me understand it better.

sorry, if i am asking very basic questions.

- Amit

kangaroomac · ‎2013-05-30

Hi amiltray,

You're right, QlikView desktop is the application you install on your desktop. The personal edition is the desktop version that has not been licenced.

With it alone, users won't be able to open your application. If however they are licenced (i.e. lease a licence from your server), they will be able to open and edit your QVW if no security has been put in place.

I am not sure why you would like to make your application "read only", but basically you have atleast two options:

1) If you don't want expressions, variables, etc. to be changed without your knowledge, you can think of versioning (keep multiple copies of your QVW with different version numbers).

2) If you want to limit access in terms of someone else doing development, section access is probably your best bet. If your QVW is copied or moved it still retains the security. Ensure they have USER rights and customise the user rights in settings -> document properties -> security (or something).

Please ensure that you save a copy (or multiple copies) when using section access.

You should also be aware that if the users you want to limit has access to the same data sources and they are named CALS, they could go and create their own QVW's.

Hope this helps.

Report Inappropriate Content · ‎2013-05-30

thank you very much. it is really helpful. here "access to same data sources" - means server folder access?

kangaroomac · ‎2013-05-30

No worries, glad to have helped.

What I mean by data sources is what you load in your script (the source of your data).

i.e. ERP, Database(s), ..... etc.