1 Reply Latest reply: Feb 27, 2012 10:19 AM by M Paeper RSS

    How to implement varied user access to QV models stored on shared folder?

    M Paeper

      Running QV10SR3 server SBE x64, clients are QV10SR4 Personal x64 on Win 7 Pro with licenses leased from server. Server installed on Win2008R2.

      No domain controller, no Directory services.


      On initial setup of Windows added a QVadmin user as local administrator and QVuser as a user.


      All the models I'm working with are in a shared windows folder called MODELS on the QV server.


      I am using Alternate Identity to login to QV.


      I added both users with full access rights to the shared folder (I know this isnt the ideal but I was trying to get to see models as QVuser and not just as QVadmin and even with full access rights to the folder if the user isnt part of the local administrators group I couldnt see any models)


      From QV Personal as user QVadmin can create, open models across multiple PC's - each time logging in as QVadmin. Accesspoint Ajax and IEplugin access works fine when logging in as QVadmin.


      I cannot get user QVuser or any other named user (except QVadmin which works) to access the models. Accesspoint shows me "no documents" and from Personal open in server mode when accessing as QVuser or any other user logs in but no models/documents are available to load.


      Its clearly permissions related because the only way I can get this to work is by adding QVuser to the Windows server local administrator group, just adding it to the Qlikview administrator isnt sufficient.


      I have dug through QV reference manual and I havent found anything user the Installation section to explain what I should be doing to get this to work.


      Where in the docs, on this site can I find a walkthrough of setting up multiple QV users or can anyone shed some light.


      Ideally I was hoping to setup something like DHCP where our 10 licenses can be allocated across any user that logs in on a first come first served basis, and then have 2 named users which operate like a static IP and are reserved with leases. But it appears that our version of QV server doesnt support anonymous users.


      Also named users - I can add them using the QV enterprise console, but where is that user setup ito password etc?


      If I had an idea what permissions QV requires where and where I find it to set it up then this should be doable but at the moment I'm not sure whether I should be looking at QV permissions, Windows folder permissions or what.


      I'd just like to find a simple example of creating an additional user besides admin and having the ability of restricting that 2nd users QV admin access to some extent but still be able to see and edit models. Then create a 3rd user which can just view the models.



        • How to implement varied user access to QV models stored on shared folder?
          M Paeper

          Answering my own question here, I've managed to resolve this more or less.


          I created the QV users I wanted as local account users on the Win 2008R2 Qlikview server and added them to the local user group - Users. The folder containing the QV models, I then shared with the server's local user group Users and I set the security permissions tab to Read for the "User" group on the server.


          I still have 24 hr lease on users names before I can remove them from the QV console but now that I've allocated each user a separate local Windows account on the QV server its a not a major problem - except for the fact that I hadnt planned on creating user accounts like this and purchasing additional CAL's for the Win server to match the user licenses on QV - I was expecting to do it as named users on QV and expecting that I couldnt exceed the license limit of x amount of simultaneously logged in users, not to also have to add CAL's to Windows.


          In short the info I've found on this aspect of what to do to get QV to work is rather convoluted. For now though trial and error I've acheived a workable result, and without needing to give every user admin rights.