Michael Ellerbeck

RDP session for keepass

Posted on March 21, 2018 by mellerbeck

This is very nice way to add RDP sessions to keepass

http://www.nullsec.us/opening-rdp-sessions-from-keepass/

Amazing whitepaper on QVD structure

Posted on March 6, 2018 by mellerbeck

http://qlikview.oxs.ru/install/Goods/QVDocumentation/Enterprise%20Framework/Scalability/Data%20Management/QlikView%20Enterprise%20QVD%20Layer.pdf

Filed under: Uncategorized | Leave a comment »

Fix #Qlikview 12.2 DirectConnect stopped working, Database connection failed

Posted on January 4, 2018 by mellerbeck

Upgraded to 12.2 and through web clients I was getting a Database connection failed. Checked the error log and it was complaining about not being able to find

fileNotFound C:\Program Files\QlikView\Server\QvConnect64.EXE) occurred during open of C:\Program Files\QlikView\Server\QvConnect64.EXE

Well, I think the installer possibly didn’t place it correctly? Anyways, to fix it just copy

C:\Program Files\QlikView\QvConnect64.EXE into the Server folder C:\Program Files\QlikView\Server\ and then the magic works again

Filed under: Uncategorized | Leave a comment »

Weird one for you, left handed mouse through RDP, how to fix

Posted on December 1, 2017 by mellerbeck

Install the microsoft Intellipoint driver and it will auto switch it for you when you connect to the terminal server.

Filed under: Uncategorized | Leave a comment »

Quick #Qlikview Reloader

Posted on October 24, 2017 by mellerbeck

We all know and love the QMSEDX reloader and it works well. The way I was using it though was getting a little annoying. Typically I would set the password on the External Event Trigger. Then I would create a .bat file that would call qmsedx.exe something like

\\server\QMSEDX_CommandLine\qmsedx -task=”Reload a Qlikview” -qms=http://server:4799/QMS/Service -password=thepassword

Then go into the qvw, create a text object and set then the action to launch the .bat file

Kind of a hassle.

So my first thoughts were I could just delegate access to the Qlikview portal and let people reload that way. But I was a little hesitant because there was no way to restrict them to reloading only. They could muck up the schedule, delete tasks, all sorts of ways to mess things up.

Anyways, I wanted a method that was easy to reload but had a low chance of people messing with it.

Enter the Qlikview reloader.

First off, I stopped using a password on the EDX task. (A user can’t reload unless they are a member of QlikView EDX anyways)

Basically it looks in the C:\ProgramData\QlikTech\ManagementService\QVPR\Trigger.xml for where the TriggerType for ‘ExternalEventTrigger’ is ‘true’. This gives you a list where EDX has been set, then it joins to the C:\ProgramData\QlikTech\ManagementService\QVPR\DocumentTask.xml to get the name of the document

Then a text object is created with a conditional show that will show when a single document is selected.

=if(GetSelectedCount(DocumentName)= 1,1,False())

This text object has a Launch action the application is set to

=’\\$(vServer)\QMSEDX_CommandLine\qmsedx’

This assumes you have downloaded the qmsedx.exe and created a share called QMSEDX_CommandLine

Also, need to set the vServer parameter

The Parameters are

=’-task=”‘ & only(DocumentName) &'” -qms=http://$(vServer):4799/QMS/Service -verbosity=5’

This launches the reload and passes it the document name, I also find it useful to include the verbosity=5 so that you can see some progress in the reload window.

In action it looks something like this.

Qlikview Reloader

Get a copy here

Filed under: Qlikview, Uncategorized | Leave a comment »

Been rereading Data Visualization: a successful design process by Andy Kirk

Posted on July 27, 2017 by mellerbeck

Once again I am fascinated by the Hollywood Movie Poster, would be fun to recreate in Qlik

http://krisztinaszucs.com/

Filed under: Uncategorized | Leave a comment »

Some more #Qlikview Section Access “Gotcha’s”

Posted on July 20, 2017 by mellerbeck

Section Definition – Section (access | application)

With the section statement, it is possible to define whether the subsequent LOAD and SELECT statements should be considered as data or as a definition of the access rights.

The access rights section is specified by ‘Section Access’

If nothing is specified, section application is assumed. (i.e. a normal qlikview is in section application mode)

Quick Definition of Section Access

The logic for reduction is that the reduction values are applied as selections, and the possible data after the selection is the reduced data provided to the user.

Common Errors

Most Common Error: not UPPERing ALL the fields.

HIC spells it out

All fields in Section Access must be upper case. Hence, the reducing field must be in upper case also in the data. Use the Upper() function and name the fields in upper case.

ADMIN rights are only relevant for local documents! Documents opened on a Server are always accessed with USER rights.

Tip: Comment out the Section access to see how it is joining

Tip from Steve Dark – Use % on the field name so you can hide the prefix

Note i.

A * character in the OMIT means all listed OMIT fields will be unavailable

Note ii.

A * character in the ‘Reducing Field’ also only allows access to all listed fields

As noted by Steve Dark

The biggest gotcha with Section Access is the use of * for all values. A user being admin does not actually grant them rights to any data, a * has to be used also. The * however doesn’t give access to all rows, only all of the rows that are explicitly listed in Section Access. If all values appear in the Section Access (ie. someone has explicit rights to each value) then all is good, if not you will need to add some dummy rows to the Section Access so each value is listed.

So one way of granting true * access is by using a SQL union ALL to the reducefield for the QVSERVICE account. The service account needs ADMIN access if you want to be able to reload it anyways 🙂

SECTION ACCESS;

AUTH:
LOAD "ACCESS",
 "NTNAME",
 "REDUCEFIELD";
SQL SELECT [ACCESS]
 ,[NTNAME]
 ,[REDUCEFIELD]
FROM [Test].[dbo].[SecurityTbl]
UNION ALL
select 'ADMIN', 'DOMAIN\QVSERVICE', REDUCEFIELD
from [Test].[dbo].[Fields];

OR you could join it in Qlikview

SECTION ACCESS;

AUTH:
LOAD "ACCESS",
 "NTNAME",
 "REDUCEFIELD";
SQL SELECT [ACCESS]
 ,[NTNAME]
 ,[REDUCEFIELD]
FROM [Test].[dbo].[SecurityTbl]

Load Distinct
'ADMIN' as ACCESS,
'DOMAIN\QVSERVICE' as NTNAME,
REDUCEFIELD
 Resident
 TheFields;

Note iii. Section access on the Desktop versus the Access Point (QVS)

From Peter Cammaert

ADMIN access in the Desktop: in QlikView Desktop, SA entries with ACCESS=ADMIN will always be able to get in, whatever the link values, data reduction results, strict exclusion setting, etc. This is a behavior that is Desktop-only. Probably configured this way to allow developers to debug…document security.
Strict exclusion: in the Access Point, everybody is a USER, even the IDs that have ACCESS=ADMIN. Since most ADMINS have an empty link field (for example the service account responsible for reloading the document should best be configured with an empty link field.) Strict exclusion will always deny them access because there is no data left after reduction.

My Findings:

If you want to use strict exclusion with the Access Point, you need to have the service account that reloads it as an ADMIN in section access. If you want to be able to use a * you need to create dummy records for every value in your reduction field.

Interestingly enough, even if you grant NTFS permissions to view a qlikview on the access point, it still checks section access to decide whether it is viewable to the user or not. (Whether the user or group is in section access) They can still get accessed denied if they have a reduction that isn’t part of your reduction fields (or null).