9 Replies Latest reply: May 30, 2013 7:34 AM by Ian McGivern RSS

    Named CAL: admin rights revocation

      I have to give my boss a Named CAL to allow access to all applications in the server. But i don't want him to be able to modify the application; he should have only read-only access. How can i do that? Is section access the only solution?

       

       

       

      Regards,

      Amit

        • Re: Named CAL: admin rights revocation
          Bill Britt

          Documents on the server are really read only. Users can create their own objects, but those are kept in the .share files and not the QVW.

           

          Bill

            • Re: Named CAL: admin rights revocation

              Bill,

              Thanks for your reply.

               

              I am new in administration(earlier was there in development). What my understanding is, as an administrator i will have a Named CAL. I would be able to make the changes in applications. and i don't want other to have the same power though they would have Named CAL assigned. How do i approach the situation?

               

               

              Regards.

              Amit

                • Re: Named CAL: admin rights revocation
                  Bill Britt

                  Hi,

                   

                  Are you talking about restricting the use of the DeskTop Client (Developer)?

                   

                  Bill

                    • Re: Named CAL: admin rights revocation

                      I am sorry, i don't have clear knowledge of DeskTop Client as well. i will explain you my situation. i have learnt development. now my company is providing me with one production server and a test server and some doc CALs and few Named CALs. i have to administer the entire implementation of qlikview. doc CALs would no issue. i have doubt with Named CALs. some of my bosses have to be given access with multiple applications, so there goes Named CALs to them. As i never been in these CALs i am a bit  confused. I read that with Named CALs users would be able to make the changes in the applications.

                       

                      So the basic questions reduced to 1. How are we (me an admin and others with Named CAL but not admin) diffrent? Ultimately i need to restrict them.

                       

                      Hope this time i am a bit clearer.

                       

                       

                      -Amit

                    • Re: Named CAL: admin rights revocation
                      Miguel Angel Baeyens de Arce

                      Hi Amit,

                       

                      Changes can be made in a document not only by having a Named CAL, that is one step, but having filesystem access to modify the file itself. Even having those permissions, he had to open locally the file with QlikView Desktop.

                       

                      Even that, you can use section access to avoid any user to do some kind of things once the document has been opened. These actions are defined in the Settings menu, Document Properties, Security.

                       

                      Hope that helps.

                       

                      Miguel

                        • Re: Named CAL: admin rights revocation

                          Thanks Miguel.

                           

                          QlikView Desktop? Is it the personal edition qv which would be required to install in local machine? if so, then anybody can download and install it. there has to be something else too. Please help me understand it better.

                           

                          sorry, if i am asking very basic questions.

                           

                          - Amit

                            • Re: Named CAL: admin rights revocation
                              Ian McGivern

                              Hi amiltray,

                               

                              You're right, QlikView desktop is the application you install on your desktop. The personal edition is the desktop version that has not been licenced.

                               

                              With it alone, users won't be able to open your application. If however they are licenced (i.e. lease a licence from your server), they will be able to open and edit your QVW if no security has been put in place.

                               

                              I am not sure why you would like to make your application "read only", but basically you have atleast two options:

                               

                              1) If you don't want expressions, variables, etc. to be changed without your knowledge, you can think of versioning (keep multiple copies of your QVW with different version numbers).

                               

                              2) If you want to limit access in terms of someone else doing development, section access is probably your best bet. If your QVW is copied or moved it still retains the security. Ensure they have USER rights and customise the user rights in settings -> document properties -> security (or something).

                               

                              Please ensure that you save a copy (or multiple copies) when using section access.

                               

                              You should also be aware that if the users you want to limit has access to the same data sources and they are named CALS, they could go and create their own QVW's.

                               

                              Hope this helps.

                      • Re: Named CAL: admin rights revocation
                        Ian McGivern

                        No worries, glad to have helped.

                         

                        What I mean by data sources is what you load in your script (the source of your data).

                         

                        i.e. ERP, Database(s), ..... etc.