Discussion Board for collaboration related to QlikView Deployment.
We have now recently installed QV server/publisher 9.0 and are trying to tweak it to fit our organization. But we have on question that I guess everyone have faced during their distribution of Qlikview-files.
Is there a Monitor or other way where you easily can see access rights per Qlikview-file. For example if a user leaves the department I would like to easily see which files he had access to and remove those via the publisher. You could also use it see which files a user can see OR which users have access to this specific file.
The Operations Monitor only shows if a user has accessed the file.
In which way do you give users the authorization for the files?
Do you do this using something like Active Directory? Or do you use something like a separate Access file which indicates which authorization is used (using hidden script?) ...
In the monitor only the users and which files are opened are shown ...
As far as I know there is not a way of showing which user opens which files and has access to which files using the performance monitor.
Hopes this info helps you.
Yes, we are using Active Directory for access to the files. Because this is handled very nicely via the Publisher. So in other words there are no way of monitoring these access right...
Access control is something that QlikView has to improve a lot of.
I have the same problem, once the distribution is done, I don't who has access to which QlikView.
I control most of the rights via Active Directory. However, I also have some qlikviews that are distributing according external queries. In this case, I lost most of the control. If I have to modify the access of an old document, I have to change it manually.
I'm thinking about a qlikview that read all the documents and its rights access.
I'm looking for the same thing too. Active directory access, need to know who has access to what. Need to know total user access versus active users, things like that.
Previously in v8, we have QVPR, i made a script to build this kind of relationship, but with v9, i don't why qvpr is not needed anymore.
or, another solution is we have to go DIG the log or xml to see where those info is stored and import them to the op monitor made by Brad.
but again, we are using manual enter user list and those in excel. tricky...
In versions 8 and 9 there is QVPR. From there you need to join Recipients to tasks and to source files. But this will not list QVW files that were distributed in the QVS server, but their associated tasks were renamed / deleted / distribute with other QVW naming convention.
Listing unique combinations of username + file from logs shows only files that were used in the past. It does not show all accessible files for users.
A safer choice is to go to the mounted folders and look at what permissions users have on files.
If QV security is based on groups, and users are in Active Directory groups, when they leave or change jobs they are removed from the respective groups. Problem solved.
For restrictions done within the access-control in QV (Section Access) it is possible to load the access-tables (and other restrictions) within the same script into another table, which then might be displayed or stored into a separate .qvd for being picked up by a third application supervising access-rights.
Script may look like:
INLINE [ACCESS, USERID
NOCONCATENATE LOAD * RESIDENT AccessTableHidden;
STORE AccessTable INTO ....;
DROP TABLE AccessTable;
QVPR can be either in SQL Server , or in files depending on the version of Windows:
C:\Document and Settings\All Users\QlikTech\Publisher\CommandCenter\QVPR