Up to now the users of my apps have always accessed QlikView via their Browser, so I didn't have this problem - there is a security_group I had them all added to, only granting them RO access to the one subdirectory where the apps are. They all got a Document_CAL and that was that, they could access that app via the AccessPoint and use it.
For a novel app I have created, one of the core functionalities is reloading the script via the GUI. That doesn't work in the Browser (well, there is a way using EDX triggers and such, but I try to keep things simple). So
- the users need to have the client installed which I am in the process of having done by the IT_guys;
- They need full-access, but only to the (same) directory where the apps are AND to a subdirectory where the qvd files are (because the app will store away the qvd files, again triggered by a button on the GUI).
=> I tried adding them to a group which grants them full access, but only to these two directories. That did not work, apparently because they had no access rights to the root path of the server (the first segment after the \\).
=> So we decided to add them to the same group as myself and grant them full access to the entire QlikViewServer temporarily.
<=> I want to switch them over to the group with fewer access rights as soon as the initial setup is done, since I don't want to grant the shopfloor_users more access rights than they absolutely need.
<=> It still doesn't work, so I guess I've done something wrong.
As I said, it's a long time since I had to unlock a Client since all the shopfloor_users up to now accessed QlikView in their Browser.
So I guess what I have in mind to do to unlock the Client is in some way incomplete. I would
- open the client
- hit the main_menu "File"
- select "Open on Server"
- type in that Edit_field the root_path (the first segment after the \\), without closing \
- click on "connect"
=> That's when we get a message that the security_settings deny access. So there is most probably something I'm doing wrong. Can you tell me what it is?
Thanks a lot!
P.S. Another colleague has now made it a bit further. It seems we must not type any \\, but simply the name of the server. But now we got a message "the Server has no USER CAL for this document" (she clicked on the very app that I gave her a licence for). She has only a Document_CAL. Could it be that that doesn't work?
Doc CALs are AccessPoint-only licenses, meaning that you can use QV Desktop as an AP client, but not as a desktop. And you'll need the real QV Desktop to enable the reload button...
Okay, that is also done. I realized I had already provided them with a copy in another directory that I don't mess with, so the licence is for that and of course when clicking on some other app, the server cannot find the licence.
That is all done now and we will get that solved.
There is however still a dilemma I would like to solve (though we have found a workaround for now):
- The users actually need access to only two subdirectories
- It is no problem to structure their access rights that way, IT can do that.
<=> When they have no rights on the root path of this server, they cannot unlock their client, it stays on PE.
For now we solve that by
- adding them to a full-access-to-everything-group until they have unlocked their client
- once this is done, switching them into a group with access to only those two subdirectories.
I don't know yet whether that will work, let's see.
Does anyone have another idea?
Thanks a lot!
Do you mean that they still cannot use the reload button unless I assign them a Named_User_CAL?
That will be a problem since we have only two of those left and they cost much more, so I cannot see us getting any more in the near future ...
AccessPoint visitors cannot reload documents, whether they use the iPad clients, the AJAX client or the QlikView Desktop with Open in Server. (e.g. as an AccessPoint client)
QV Desktop users (with a license lease) can get permission to reload documents that are opened with File->Open... (see Settings->Document properties->Security) if the security settings allow User reloads (and Section Access lets them in).
So yes, you'll need to assign Named CALs if you want them to get out of PE mode.
Well, that is not good at all ...
I have to sort out something else first, before testing that. I thought of making a copy that I can work on without messing up their app - but I didn't think of changing the path to the qvd, so I messed up the qvd while testing new functions and they cannot use it properly ...
If what you say is so, that will be a blocker for the entire project and reduce the added_value of my work of the last month or so to 0 for the moment ... not that it matters too much. I have done more work to see it disappear in a drawer ... a little frustrating, but there are worse things.
I think I'll have to contact our partner CP once again about that. We had someone on site at a time to tell us about the licences, but apparently there is a lot more to the licences than they told us.
P.S.: Well, all is not lost. That just means I will have to do some experimenting with those EDX triggers via AccessPoint so that the users can trigger a reload of the app. That will also mean that they don't need the QlikView Client after all, but can use the Browser.
P.P.S.: I see there are already some posts here and references to that blog where it's all explained. I'll try with that.