Set User Access to Projects and Libraries in the QlikView Expressor Repository

QlikView Expressor Version 3.10 Newton, Massachusetts, November 2013 Authored by James Siwila

Copyright Expressor Software 2007-2012, QlikTech International AB 2013, All Rights Reserved Under international copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written permission of QlikTech International AB, except in the manner described in the software agreement. QlikTech and QlikView are registered trademarks of QlikTech International AB. All other company names, products and services used herein are trademarks or registered trademarks of their respective owners.

The administrator of a QlikView Expressor Repository can control access to individual Projects and Libraries in the repository by using the Subversion authz file. Although QlikView Expressor does not officially support this method of access control, administrator's can maintain a higher level of access control by using this feature of Subversion, which is the underlying technology for the QlikView Expressor Repository. Projects and Libraries are contained in Workspaces on the QlikView Expressor Desktop, but Workspaces do not exist in the repository. User access must be set on the Projects and Libraries that are identified in the repository. It is not recommended that administrators use the authz mechanism to set privileges on artifacts, below the Project and Library level. Administrators can allow users to read Projects and Libraries (check them out of the repository) or read and write Projects and Libraries (check them out of and check them in to the repository). One or the other privilege must be set. If neither is set, then users receive a permission-denied message when they attempt to access the repository from the QlikView Expressor Desktop. Administrators can control the access privileges of individual users with additional control statements in the authz file. The Subversion authz file is located in the conf directory. During the following procedure, you access the svnserve.conf file, which is also located in the conf directory. 1. Open the svnserve.conf file with a text editor. The svnserve.conf file is located in the conf directory. 2. 3. 4. Remove the comment symbol (#) from the following line in the file: #authz-db =

authz
Open the authz file with a text editor. Add one of the following sets of lines to the end of the authz file:

[/] *=rw
or

[/] *=r *=rw allows all users to read and write to Projects and Libraries in the repository. *=r
allows users to read but not to write to Projects and Libraries. The latter is a common setting that can then be combined with additional write privileges for specific users. You can also set privileges on specific Projects and Libraries. To specify access for specific users, Projects, and Libraries, proceed with the remaining steps in this procedure. 5. Add write privileges to specific users with the following sets of lines to the end of the

authz file: [/] *=r fred=rw jane=rw

The user IDs must match the passwd file in the conf directory. The settings in this illustration would allow all users who have access to the repository (users with a user ID and password specified in the passwd file) to read, or check out, all Projects and Libraries, but only the users "fred" and "jane" would be able to check in a Project or Library.

6.

Add write privileges to specific Projects and Libraries with the following sets of lines to the end of the authz file:

[/] *=r [/MyProject.0] fred=rw

The Project or Library is named in the form "project_name.version." A Project named "MyProject" would be "MyProject.0" in the repository. The settings in this illustration would allow all users who have access to the repository to read (check out) Projects and Libraries, but only the user "fred" would be allowed to check out and check in the project named "MyProject." To restrict all users except "fred" from checking out "MyProject," you would use the following syntax:

[/] *=r [/MyProject.0] *= fred=rw

It is not possible to filter based on access privileges the list of Projects and Libraries presented to users for checkout. If a user does not have read privileges, he or she will receive an "access denied" or "authorization failed" message when attempting to check the Project or Library out with the QlikView Expressor Desktop or eproject command. Users who have only read access can change the Projects and Libraries in their own Workspaces. The control offered by repository access privileges do not extend to Projects, Libraries and artifacts outside the repository. But if users do not have write access, they will not be able to check in their changes. For more documentation on Subversion authz file, see http://svnbook.redbean.com/en/1.6/svn.serverconfig.pathbasedauthz.html.