12 Replies Latest reply: Oct 28, 2010 5:10 AM by alxtoth RSS

    User access monitor

    oggipoggi

      Hi.

      We have now recently installed QV server/publisher 9.0 and are trying to tweak it to fit our organization. But we have on question that I guess everyone have faced during their distribution of Qlikview-files.

      Is there a Monitor or other way where you easily can see access rights per Qlikview-file. For example if a user leaves the department I would like to easily see which files he had access to and remove those via the publisher. You could also use it see which files a user can see OR which users have access to this specific file.

      The Operations Monitor only shows if a user has accessed the file.

        • User access monitor
          Anita Fuchten

          In which way do you give users the authorization for the files?

          Do you do this using something like Active Directory? Or do you use something like a separate Access file which indicates which authorization is used (using hidden script?) ...

           

          In the monitor only the users and which files are opened are shown ...

          As far as I know there is not a way of showing which user opens which files and has access to which files using the performance monitor.

           

          Hopes this info helps you.

           

          Anita

            • User access monitor
              oggipoggi

              Yes, we are using Active Directory for access to the files. Because this is handled very nicely via the Publisher. So in other words there are no way of monitoring these access right... Sad

                • User access monitor
                  Anita Fuchten

                  Not that I know of ...

                   

                  We don't use Active Directory yet ... but intend to ...as I understood it is not visible in the performance monitor.

                   

                  Anita

                    • User access monitor

                      Access control is something that QlikView has to improve a lot of.

                      I have the same problem, once the distribution is done, I don't who has access to which QlikView.

                      I control most of the rights via Active Directory. However, I also have some qlikviews that are distributing according external queries. In this case, I lost most of the control. If I have to modify the access of an old document, I have to change it manually.

                      I'm thinking about a qlikview that read all the documents and its rights access.

                      Kim

                        • User access monitor
                          Nick Gan

                          Hi Kim,

                          I'm looking for the same thing too. Active directory access, need to know who has access to what. Need to know total user access versus active users, things like that.

                          Previously in v8, we have QVPR, i made a script to build this kind of relationship, but with v9, i don't why qvpr is not needed anymore.

                          or, another solution is we have to go DIG the log or xml to see where those info is stored and import them to the op monitor made by Brad.

                          but again, we are using manual enter user list and those in excel. tricky...

                            • User access monitor

                              Hi,

                              In versions 8 and 9 there is QVPR. From there you need to join Recipients to tasks and to source files. But this will not list QVW files that were distributed in the QVS server, but their associated tasks were renamed / deleted / distribute with other QVW naming convention.

                              Listing unique combinations of username + file from logs shows only files that were used in the past. It does not show all accessible files for users.

                              A safer choice is to go to the mounted folders and look at what permissions users have on files.

                              CACLS *.qvw

                              ----------

                              If QV security is based on groups, and users are in Active Directory groups, when they leave or change jobs they are removed from the respective groups. Problem solved.

                              -Alex

                                • User access monitor
                                  Nick Gan

                                  Hi Alex,

                                  Where can we find the QVPR in v9? In v8, it was in SQL server, but in v9, i don't think it has install it to SQL server?

                                    • User access monitor
                                      Peter Rieper

                                      For restrictions done within the access-control in QV (Section Access) it is possible to load the access-tables (and other restrictions) within the same script into another table, which then might be displayed or stored into a separate .qvd for being picked up by a third application supervising access-rights.
                                      Script may look like:


                                      SECTION ACCESS;
                                      AccessTableHidden:
                                      LOAD
                                      *
                                      INLINE [ACCESS, USERID
                                      ADMIN, admin
                                      USER, Joe
                                      USER, Jane];
                                      SECTION APPLICATION;

                                      //....

                                      AccessTable:
                                      NOCONCATENATE LOAD * RESIDENT AccessTableHidden;

                                      STORE AccessTable INTO ....;
                                      DROP TABLE AccessTable;


                                      HTH
                                      Peter

                                       

                                      • User access monitor

                                        Hi,

                                        QVPR can be either in SQL Server , or in files depending on the version of Windows:

                                        C:\ProgramData\QlikTech\Publisher\CommandCenter\QVPR

                                        C:\Document and Settings\All Users\QlikTech\Publisher\CommandCenter\QVPR

                                        -Alex

                                          • User access monitor
                                            Nick Gan

                                            Hi Alex,

                                            Thanks! i found it. but it's in xml.

                                            I wrote the following for v8 with sql db, do u think i can still use the same? or i need to modify a bit?

                                            Thanks.

                                             



                                            SELECT
                                            Recipient.XSName, SourceDocument.Name, DistributionTask.Name AS Expr1, conn_DT_Rec.ModifiedByUser, conn_DT_Rec.ModifiedTime,
                                            DistributionTask.Enabled, conn_DT_Rec.CreatedByUser, conn_DT_Rec.CreatedTime
                                            FROM
                                            conn_DT_Rec INNER JOIN
                                            DistributionTask ON conn_DT_Rec.DistributionTaskID = DistributionTask.ID INNER JOIN
                                            Recipient ON conn_DT_Rec.RecipientID = Recipient.ID INNER JOIN
                                            SourceDocument ON DistributionTask.SourceDocumentID = SourceDocument.ID
                                            order by SourceDocument.Name


                                              • User access monitor

                                                Hi,

                                                QVPR will not give the full listing of all files available in the mounted folders.

                                                If the QVS uses "NTFS authorization" look for command line output of CACLS.exe (or simular tool with nicer output). If it uses the "DMS authorization", for each QVW file there should be one XML file with category name, recipients

                                                -Alex

                                                  • User access monitor

                                                     

                                                     

                                                    Hi,

                                                     

                                                    Found this script fragment for QV 8 QVPR in XML . By looking at recipients + distributiontasks and recipients + accesspoints you can stop distributing in future to people that left.

                                                     

                                                    -Alex



                                                     

                                                     


                                                    AccessPointResource:
                                                    LOAD Path,
                                                    AllowPluginClient,
                                                    AllowJavaClient,
                                                    AllowDownLoad,
                                                    AllowZeroFootprintClient,
                                                    //ZfcDocumentUrl,
                                                    //ZfcFileUrl,
                                                    AccessPointType,
                                                    Inherit,
                                                    //ScrambleFilename,
                                                    FolderID,
                                                    Url,
                                                    //SendNotificationMail,
                                                    //SMTPServerResourceID,
                                                    Name as AccessPoint_Name,
                                                    Description as AccessPoint_Description,
                                                    ResourceType,
                                                    IsDistributionResource,
                                                    IsDirectoryResource,
                                                    Enabled as AccessPoint_Enabled,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_2,
                                                    ID as ResourceID
                                                    //LockedByUser,
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\AccessPointResource.xml] (XmlSimple, Table is [NewDataSet/AccessPointResource]);



                                                    Category:
                                                    LOAD Name as Category_Name,
                                                    Description as Category_Description,
                                                    ID as CategoryID
                                                    //LockedByUser,
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\Category.xml] (XmlSimple, Table is [NewDataSet/Category]);

                                                    conn_DT_Cat:
                                                    LOAD DistributionTaskID as TaskID,
                                                    CategoryID,
                                                    ID as conn_DT_Cat_ID
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\conn_DT_Cat.xml] (XmlSimple, Table is [NewDataSet/conn_DT_Cat]);

                                                    ///////////////

                                                    conn_DT_Res:
                                                    LOAD DistributionTaskID as TaskID,
                                                    ResourceID,
                                                    ID as conn_DT_ResID
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\conn_DT_Res.xml] (XmlSimple, Table is [NewDataSet/conn_DT_Res]);



                                                    conn_DT_Rec:
                                                    LOAD DistributionTaskID as TaskID,
                                                    RecipientID,
                                                    ID as conn_DT_RecID
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\conn_DT_Rec.xml] (XmlSimple, Table is [NewDataSet/conn_DT_Rec]);



                                                    Job:
                                                    LOAD Name as Job_Name,
                                                    Enabled as Job_Enabled,
                                                    Description as Job_Description,
                                                    Timeout,
                                                    SendAlertEmail,
                                                    //RetryCount,
                                                    //RetryDelaySeconds,
                                                    //MailSendMode,
                                                    //MailSendTimes,
                                                    //MailUseSendTime,
                                                    //MailSendTime,
                                                    EDXPassword,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_3,
                                                    ID as JobID
                                                    //LockedByUser,
                                                    //LockedUntil,
                                                    //ModifiedByUser,
                                                    //ModifiedTime,
                                                    //CreatedByUser,
                                                    //CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\Job.xml] (XmlSimple, Table is [NewDataSet/Job]);



                                                    Task:
                                                    LOAD Name as Task_Name,
                                                    Enabled as Task_Enabled,
                                                    Description as Task_Description,
                                                    TaskType,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_4,
                                                    ID as TaskID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\Task.xml] (XmlSimple, Table is [NewDataSet/Task]);



                                                    Recipient:
                                                    LOAD XSRecipientID,
                                                    XSName as RecipientName,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_1,
                                                    DSObjectType,
                                                    ID as RecipientID
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\Recipient.xml] (XmlSimple, Table is [NewDataSet/Recipient]);


                                                    conn_Job_Task:
                                                    LOAD JobID,
                                                    TaskID,
                                                    RunOrder,
                                                    //Timeout,
                                                    ID as conn_Job_Task
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\conn_Job_Task.xml] (XmlSimple, Table is [NewDataSet/conn_Job_Task]);



                                                    StartBlock:
                                                    LOAD JobID,
                                                    Enabled,
                                                    EnableDateTime,
                                                    ExpireDateTime,
                                                    RecurrenceType,
                                                    RepeatEvery,
                                                    HourStart,
                                                    DayStart,
                                                    RepeatMaxCount,
                                                    ID as StartBlockID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\StartBlock.xml] (XmlSimple, Table is [NewDataSet/StartBlock]);

                                                    ExternalProgramTask:
                                                    LOAD CommandLine,
                                                    Name as ExternalProgramTask_Name,
                                                    Enabled as ExternalProgramTask_Enabled,
                                                    Description as ExternalProgramTask_Description,
                                                    TaskType as Ext_TaskType,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_8,
                                                    ID as TaskID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\ExternalProgramTask.xml] (XmlSimple, Table is [NewDataSet/ExternalProgramTask]);


                                                    ReloadTask:
                                                    LOAD UsePartialReload,
                                                    SectionAccessUserName,
                                                    SectionAccessPassword,
                                                    OverrideXSSectionAccess,
                                                    Name as ReloadTask_Name,
                                                    Enabled as ReloadTask_Enabled,
                                                    Description as ReloadTask_Description,
                                                    TaskType as Reload_TaskType,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_10,
                                                    ID as TaskID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\ReloadTask.xml] (XmlSimple, Table is [NewDataSet/ReloadTask]);


                                                    DistributionTask:
                                                    LOAD AllowAccesspointDistribution as DT_AllowAccesspointDistribution,
                                                    AllowMailAttachmentDistribution as DT_AllowMailAttachmentDistribution,
                                                    AllowFolderDistribution as DT_AllowFolderDistribution,
                                                    AllowQVSDistribution as DT_AllowQVSDistribution,
                                                    AllowPluginClient as DT_AllowPluginClient,
                                                    AllowJavaClient as DT_AllowJavaClient,
                                                    AllowDownloadClient as DT_AllowDownloadClient,
                                                    AllowZeroFootprintClient as DT_AllowZeroFootprintClient,
                                                    AlwaysOpenable,
                                                    SourceDocumentID,
                                                    ClearLocks,
                                                    ClearAll,
                                                    ClearAlwaysOneSelected,
                                                    ReapplySelections,
                                                    SetScript,
                                                    DDDField,
                                                    DDDValueType,
                                                    SectionAccessUserName as DT_SectionAccessUserName,
                                                    SectionAccessPassword as DT_SectionAccessPassword,
                                                    OverrideXSSectionAccess as DT_OverrideXSSectionAccess,
                                                    MaxOpenSessions,
                                                    AutoLoadMode,
                                                    AutoLoadFromTime,
                                                    AutoLoadToTime,
                                                    AutoLoadDayOfWeek,
                                                    ShowToolbar,
                                                    GenerateHTMLFiles,
                                                    Name as DT_Name,
                                                    Enabled as DT_Enabled,
                                                    Description as DT_Description,
                                                    TaskType as DT_TaskType,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_20,
                                                    ID as TaskID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\DistributionTask.xml] (XmlSimple, Table is [NewDataSet/DistributionTask]);


                                                    RepeatTask:
                                                    LOAD LoopType,
                                                    "From" as RT_From,
                                                    To,
                                                    Name as RT_Name,
                                                    Enabled as RT_Enabled,
                                                    TaskType as RT_TaskType,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_30,
                                                    ID as RT_ID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\RepeatTask.xml] (XmlSimple, Table is [NewDataSet/RepeatTask]);

                                                    //not exactly like this ..
                                                    rem conn_RepT_Task:
                                                    LOAD RepeatTaskID as RT_ID,
                                                    TaskID,
                                                    RunOrder as RepT_RunOrder,
                                                    ID as RepT_ID
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\conn_RepT_Task.xml] (XmlSimple, Table is [NewDataSet/conn_RepT_Task]);


                                                    Trigger_Task:
                                                    LOAD [TriggerEDXTask/XSID] as XSID,
                                                    [TriggerEDXTask/XSUrl] as XSUrl,
                                                    [TriggerEDXTask/JobIdentifier] as JobIdentifier,
                                                    [TriggerEDXTask/QueueIfAlreadyRunning] as QueueIfAlreadyRunning,
                                                    [TriggerEDXTask/Name] as Trigger_Task_Name,
                                                    [TriggerEDXTask/Enabled] as Trigger_Task_Enabled,
                                                    [TriggerEDXTask/TaskType] as Trigger_Task_TaskType,
                                                    [TriggerEDXTask/ExecutionServiceResourceID] as ExecutionServiceResourceID_40,
                                                    [TriggerEDXTask/ID] as TaskID
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\TriggerEDXTask.xml] (XmlSimple, Table is [NewDataSet]);
                                                    // End of [TriggerEDXTask.xml] LOAD statements


                                                    Trigered_Job:
                                                    LOAD Name as Trigered_Job_Name,
                                                    ID as JobIdentifier
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\Job.xml] (XmlSimple, Table is [NewDataSet/Job]);


                                                    SourceDocumentFolderResource:
                                                    LOAD Path as SDF_Path,
                                                    EnableSubFolders,
                                                    Name as SDF_Name,
                                                    Description as SDF_Description,
                                                    ResourceType as SDF_ResourceType,
                                                    IsDistributionResource as SDF_IsDistributionResource,
                                                    IsDirectoryResource as SDF_IsDirectoryResource,
                                                    Enabled as SDF_Enabled,
                                                    ExecutionServiceResourceID as ExecutionServiceResourceID_50,
                                                    ID as SDF_ID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\SourceDocumentFolderResource.xml] (XmlSimple, Table is [NewDataSet/SourceDocumentFolderResource]);


                                                    SourceDocument:
                                                    LOAD XSDocumentID as SD_XSDocumentID,
                                                    Name as SD_Name,
                                                    Path as SD_Path,
                                                    FolderID as SDF_ID,
                                                    Enabled as SD_Rnabled,
                                                    Description as SD_Description,
                                                    ExecutionServiceResourceID as SD_ExecutionServiceResourceID,
                                                    ID as SourceDocumentID
                                                    // LockedByUser,
                                                    // LockedUntil,
                                                    // ModifiedByUser,
                                                    // ModifiedTime,
                                                    // CreatedByUser,
                                                    // CreatedTime
                                                    FROM [C:\Documents and Settings\All Users\Application Data\QlikTech\Publisher\CommandCenter\QVPR\SourceDocument.xml] (XmlSimple, Table is [NewDataSet/SourceDocument]);