Hi Phillip, the idea is that only administrators have access to the Admin container. As security is inherited downwards setting different security settings for different containers is quite easy, to prevent security manipulation use change access instead of full controll. The idea of shared is that all developers have access to this resource in test environment so that they can move reusable resources, else there is a risk that developers does not reuse between them. When the app goes into production the reused resources need to be validated and copied into the production shared container by the administrator/system owner.
Hope that this helps.
I am not sure what "Change Access" means in your statement "to prevent security manipulation use change access instead of full control"
I am in a windows environment and when a developer requests a new container I create it and give them full control on it. For \99.Shared, in development, I have given the developers Full control. Nothing has been setup in Production yet.
I have setup the Win 2012 R2 Shares via Server Manager > File and Storage Services > Shares
I have 3 shares
Full control on this folder, sub folders and files for the local QlikView Administrators, Local Administrators, Domain service account for QlikView. Inherited from None
Read, write & execute on this folder, sub folders and files for our Vendor's Domain account for their developers inherited from none.
Full Control for Local Administrators
Local Users have Special Inherited from D:\ on This folder and Subfolders
Local Administrators have Full control inherited from D:\ on this folder, sub folders and files
And local Users a again with Read & Execute inherited from D:\ on this folder, sub folders and files
- \10.Finance Container
Full control for the Svc account, Admins and the domain role for the Finance Developers inherited from none
Full control for the Vendor's Developer Domain account inherited from \QV-Docs\Sourcedocs\1.development
Full control for the QlikView Service Account, Local Administrators inherited from \QV-Docs\Sourcedocs
Full control for local QlikView Admins inherited from \QV-Docs
Full control for the domain role for the Finance Developers inherited from none
Read & execute for local users inherited from D:\
Special for local users inherited from D:\
It seems like there are some redundant entries. But maybe it is supposed to look like that as I go deeper into the nested folders. I am not sure how you get "Inherited from None", or why the local Users has two entries, one for read and execute on this folder, sub folders and files, and then special on this folder and sub folders.
Hi Phillip, sorry for late reply ive been on holiday. with change access I mean that the users (other than Admin) have not full access control. The users should not have change permissions and take ownership access in the folder structure.
Will have a look in the documentation and add this if missing.
Hope that this helps.
Thanks for the update. I think I am close.
Admins have full access to everything in the \QDF. The Admin's full control rights are inherited in every new sub folder that is created.
DEVELOPERs have full access to \99.Shared
And when a Developer asks for a new container. Let's say a Finance container. I create this is the ADMIN variable editor. Then I give the Developer FULL ACCESS to the Container. I assume if I already Shared out \99.Shared then 10.Finance should show up their explorer also.