Difference between revisions of "QPR UI System Settings"
| (26 intermediate revisions by 2 users not shown) | |||
| Line 5: | Line 5: | ||
| = System Settings = | = System Settings = | ||
| == Settings for QPR Product Locations == | == Settings for QPR Product Locations == | ||
| + | |||
| + | Note for the QPR product locations: If the url starts with '''https''', the connection is secure and requires that the hostname matches with the certificate provided by the contacted server. To confirm that, check that the url opens without security errors in the web browser. However, you may still need to [[Payara_Configuration_in_QPR_UI#Importing_SSL_Certificate_to_Payara|Import the SSL Certificate to Payara]]. | ||
| {| class="wikitable" | {| class="wikitable" | ||
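Review bot: In the note added above the product locations table, the browser check only shows that the certificate matches the hostname from the machine where the browser runs; it does not show that Payara accepts the certificate, and "you may still need to" leaves the reader guessing when the import is required. Suggest saying when the import into Payara is needed and that the browser test does not replace it.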
| Line 12: | Line 14: | ||
| |MEA_SERVICE_LOCATION | |MEA_SERVICE_LOCATION | ||
| |QPR Suite Web Service location. QPR UI uses this to access QPR Suite. In usual configurations, where QPR Suite is in the same server computer, the address is '''<nowiki>http://localhost/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/</nowiki>'''. Note that you may need to change the QPR Suite version number in the url or the protocol (http/https). | |QPR Suite Web Service location. QPR UI uses this to access QPR Suite. In usual configurations, where QPR Suite is in the same server computer, the address is '''<nowiki>http://localhost/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/</nowiki>'''. Note that you may need to change the QPR Suite version number in the url or the protocol (http/https). | ||
| − | |||
| − | |||
| − | |||
| |- | |- | ||
| |QPR_REPORTING_EXPRESSIONS_<wbr />WEB_SERVICE_LOCATION | |QPR_REPORTING_EXPRESSIONS_<wbr />WEB_SERVICE_LOCATION | ||
| Line 36: | Line 35: | ||
| |- | |- | ||
| |ADMINISTRATORS_GROUP_NAME | |ADMINISTRATORS_GROUP_NAME | ||
| − | |QPR Suite (MEA) or QPR ProcessAnalyzer user group  | + | |Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group the members of which have administrator permissions in QPR UI. Other users have only viewer permissions. Note that if a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own [[Manage_Users_in_QPR_ProcessAnalyzer_Excel_Client#Assigning_User_to_User_Group|hidden groups memberships]] and thus the hidden memberships might not give administrator permissions in QPR UI. See more about [[Permissions (QPR UI)|QPR UI permissions]]. | 
| + | |||
| + | Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time. | ||
| + | |- | ||
| + | |ENTICE_USERS_GROUP_NAME | ||
| + | | | ||
| + | Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group which members are allowed to login to QPR UI. If a user doesn't have permissions to log in to QPR UI, user gets an error message when trying to login. | ||
| + | |||
| + | Notes: | ||
| + | * When ENTICE_USERS_GROUP_NAME is configured, also the ADMINISTRATORS_GROUP_NAME needs to be configured. | ||
| + | * Users belonging to group ADMINISTRATORS_GROUP_NAME are allowed to login to QPR UI, even if not part of the ENTICE_USERS_GROUP_NAME. | ||
| + | * New user accounts are always created to QPR Suite or QPR ProcessAnalyzers even if users doesn't have permissions to log in to QPR UI. | ||
| + | * If a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own [[Manage_Users_in_QPR_ProcessAnalyzer_Excel_Client#Assigning_User_to_User_Group|hidden groups memberships]] and thus the hidden memberships might not give administrator permissions in QPR UI. See more about [[Permissions (QPR UI)|QPR UI permissions]]. | ||
| + | * Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time. | ||
| |- | |- | ||
| |[[Common QPR Authentication#QPR UI Session Expiration|SESSION_EXPIRATION_TIME]] | |[[Common QPR Authentication#QPR UI Session Expiration|SESSION_EXPIRATION_TIME]] | ||
| − | |QPR UI user session expiration  | + | |QPR UI user session expiration timeout in minutes. If this setting is not defined, by default it is 2 hours. If using QPR Suite, the session expiration timeout needs to be same in both QPR UI and QPR Suite. By default, the QPR Suite session expiration timeout is 1h (setting ''SessionExpirationTimeout'' in ''QPR_Servers.ini''). | 
| + | |- | ||
| + | |TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN | ||
| + | | | ||
| + | Sets if User can have multiple sessions open to QPR UI simultaneously. When set to 1 then the User can have only one session open to QPR UI at the time. If the User login again successfully e.g. with another browser then the earlier sessions are terminated. Default value is 0 i.e. setting is not set and Users can have multiple session open simultaneously. | ||
| + | |- | ||
| + | |BIND_SESSION_TO_CLIENT_IP | ||
| + | | | ||
| + | Sets if User’s session can be used from different IP addresses. When set to 1 and if User' IP address changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different IP addresses. | ||
| + | |- | ||
| + | |BIND_SESSION_TO_CLIENT_USER_AGENT | ||
| + | | | ||
| + | Sets if User’s session can be used from different User-Agent e.g. Browsers. When set to 1 and if User' User-Agent changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different User-Agents. | ||
| + | |- | ||
| + | |USE_X_FORWARDED_FOR | ||
| + | | | ||
| + | This setting must be set to 1 when QPR UI is used with load balancer or reverse proxy. When set to 1 QPR UI takes the User’ IP address from the X-Forwarded-For header. Default value is 0 i.e. setting is not set and User’ IP address is taken normally. NOTE this setting can be used with settings TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN and/or BIND_SESSION_TO_CLIENT_IP. | ||
| |} | |} | ||
| − | == Federated (SAML)  | + | == Federated Authentication Settings (SAML 2.0)  == | 
| {| class="wikitable" | {| class="wikitable" | ||
| !|Setting name (KEY_FIELD column) | !|Setting name (KEY_FIELD column) | ||
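Review bot: The USE_X_FORWARDED_FOR row does not say that X-Forwarded-For is an ordinary request header, so the value is reliable only when the load balancer or reverse proxy sets or overwrites it and QPR UI cannot be reached around the proxy. With BIND_SESSION_TO_CLIENT_IP set to 1, the header value decides whether a session stays bound, so the row should state that the setting is for proxied deployments only. Separately, the SESSION_EXPIRATION_TIME row says the timeout must be the same in QPR UI and QPR Suite while giving defaults of 2 hours and 1h, so it should say which side to change; the last two ENTICE_USERS_GROUP_NAME notes repeat the ADMINISTRATORS_GROUP_NAME text verbatim; and "User' IP address" and "users doesn't" need correcting.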
| Line 100: | Line 128: | ||
| |SCHEMA_VERSION | |SCHEMA_VERSION | ||
| |QPR UI database schema version. Do not edit this field. | |QPR UI database schema version. Do not edit this field. | ||
| + | |- | ||
| + | |DEFAULT_VIEW_PATH | ||
| + | |Defines the view that is opened by default when a user logs in to QPR UI. The view is defined as a ''path'' that is a combination of the [[QPR_UI_Folders|folder]] path and the [[View_and_Panel_Designer_in_QPR_UI#View_and_Panel_Settings|view identifier]]. User is directed to the default view also after the session has been expired and user relogins. | ||
| + | |||
| + | Examples: | ||
| + | * To define a view located in the root folder: '''/MyViewIdentifier''' | ||
| + | * To define a view in some other folder than the root folder: '''/MyFolder 1/MyFolder 2/MyViewIdentifier''' | ||
| |} | |} | ||
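Review bot: The DEFAULT_VIEW_PATH row does not say what a user sees when the configured path does not resolve to a view or the user has no permission to it, which matters because every login and every re-login after session expiry is sent there. Suggest adding the fallback behaviour, and stating whether folder names with spaces, as in '''/MyFolder 1/MyFolder 2/MyViewIdentifier''', are written as-is or need encoding.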
Latest revision as of 09:43, 23 March 2020
This page describes all QPR UI system settings stored in the QPR UI database in the CONFIGURATIONENTITY table. Some of the settings can be changed during the installation in the installation wizard, and all settings can be changed after the installation by changing them directly in the database. After settings have been changed in the database, the QPR UI Windows service must be restarted so that the changes take effect.
The Setting name in the following tables is defined in the KEY_FIELD column of the CONFIGURATIONENTITY table.
System Settings
Settings for QPR Product Locations
Note for the QPR product locations: If the URL starts with https, the connection is secure and requires that the hostname matches the certificate provided by the contacted server. To confirm that, check that the URL opens without security errors in the web browser. However, you may still need to Import the SSL Certificate to Payara.
| Setting name (KEY_FIELD column) | Description | 
|---|---|
| MEA_SERVICE_LOCATION | QPR Suite Web Service location. QPR UI uses this to access QPR Suite. In usual configurations, where QPR Suite is in the same server computer, the address is http://localhost/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/. Note that you may need to change the QPR Suite version number in the URL or the protocol (http/https). |
| QPR_REPORTING_EXPRESSIONS_WEB_SERVICE_LOCATION | QPR Reporting Add-on Web Service location to fetch datasets. QPR UI uses this location to query the QPR Reporting Expression datasource. In usual configurations, the following setting can be used: http://localhost/QPRWebServicesExtensions/ExpressionAsDataset.ashx?xsession=<#meaSessionId>&expression=<#expression> (it may also be https). This setting supports tags which are replaced when the setting is used by QPR UI. These tags can be used to fill the needed values for the xsession and expression parameters in the QPR Reporting Add-on's ExpressionAsDataset.ashx operation. |
Security Settings
| Setting name (KEY_FIELD column) | Description | 
|---|---|
| AUTHENTICATION_SERVICES | This setting is used to configure Common QPR Authentication to QPR UI. You can find more information by clicking the setting name. | 
| ADMINISTRATORS_GROUP_NAME | Name of the QPR Suite (MEA) or QPR ProcessAnalyzer user group whose members have administrator permissions in QPR UI. Other users have only viewer permissions. Note that if a user is not an administrator in QPR ProcessAnalyzer, the user cannot see his/her own hidden group memberships, and thus the hidden memberships might not give administrator permissions in QPR UI. See more about QPR UI permissions. Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, the permission changes take effect only when the user logs in the next time. |
| ENTICE_USERS_GROUP_NAME | Name of the QPR Suite (MEA) or QPR ProcessAnalyzer user group whose members are allowed to log in to QPR UI. If a user doesn't have permissions to log in to QPR UI, the user gets an error message when trying to log in. Notes: (1) When ENTICE_USERS_GROUP_NAME is configured, the ADMINISTRATORS_GROUP_NAME also needs to be configured. (2) Users belonging to the group ADMINISTRATORS_GROUP_NAME are allowed to log in to QPR UI, even if they are not part of the ENTICE_USERS_GROUP_NAME. (3) New user accounts are always created in QPR Suite or QPR ProcessAnalyzer, even if the users don't have permissions to log in to QPR UI. (4) If a user is not an administrator in QPR ProcessAnalyzer, the user cannot see his/her own hidden group memberships, and thus the hidden memberships might not give administrator permissions in QPR UI. See more about QPR UI permissions. (5) Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, the permission changes take effect only when the user logs in the next time. |
| SESSION_EXPIRATION_TIME | QPR UI user session expiration timeout in minutes. If this setting is not defined, by default it is 2 hours. If using QPR Suite, the session expiration timeout needs to be the same in both QPR UI and QPR Suite. By default, the QPR Suite session expiration timeout is 1h (setting SessionExpirationTimeout in QPR_Servers.ini). |
| TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN | Defines whether a user can have multiple sessions open to QPR UI simultaneously. When set to 1, the user can have only one session open to QPR UI at a time. If the user logs in again successfully, e.g. with another browser, the earlier sessions are terminated. The default value is 0, i.e. the setting is not set and users can have multiple sessions open simultaneously. |
| BIND_SESSION_TO_CLIENT_IP | Defines whether a user's session can be used from different IP addresses. When set to 1, the session is terminated if the user's IP address changes during the session, and the user must log in again. The default value is 0, i.e. the setting is not set and the user can keep the session open with different IP addresses. |
| BIND_SESSION_TO_CLIENT_USER_AGENT | Defines whether a user's session can be used from different User-Agents, e.g. browsers. When set to 1, the session is terminated if the user's User-Agent changes during the session, and the user must log in again. The default value is 0, i.e. the setting is not set and the user can keep the session open with different User-Agents. |
| USE_X_FORWARDED_FOR | This setting must be set to 1 when QPR UI is used with a load balancer or reverse proxy. When set to 1, QPR UI takes the user's IP address from the X-Forwarded-For header. The default value is 0, i.e. the setting is not set and the user's IP address is taken normally. Note that this setting can be used with the settings TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN and/or BIND_SESSION_TO_CLIENT_IP. |
Federated Authentication Settings (SAML 2.0)
| Setting name (KEY_FIELD column) | Description | 
|---|---|
| FEDERATEDLY_MANAGED_GROUPS | List of user groups that the federated authentication synchronizes for a user when the user logs in to QPR UI. |
| SAML_AUTOMATIC_LOGIN | Federated authentication setting, described in the linked page. | 
| SAML_CONSUMER_URL | Federated authentication setting, described in the linked page. | 
| SAML_METADATA_URL | Federated authentication setting, described in the linked page. | 
| SAML_REDIRECT_URL | Federated authentication setting, described in the linked page. | 
| SAML_SERVER_ENTITY_IDENTIFIER | Federated authentication setting, described in the linked page. | 
| SAML_SIGNING_CERTIFICATE | Federated authentication setting, described in the linked page. | 
| SAML_USER_DESCRIPTION_ATTRIBUTE | Federated authentication setting, described in the linked page. | 
| SAML_USER_EMAIL_ATTRIBUTE | Federated authentication setting, described in the linked page. | 
| SAML_USER_FULLNAME_ATTRIBUTE | Federated authentication setting, described in the linked page. | 
| SAML_USER_GROUPS_ATTRIBUTE | Federated authentication setting, described in the linked page. | 
| SAML_USER_ID_ATTRIBUTE | Federated authentication setting, described in the linked page. | 
| SYSTEM_USER_NAME | QPR Suite and QPR ProcessAnalyzer administrator username. This setting is needed so that QPR UI is able to login to QPR Suite and QPR ProcessAnalyzer to set user information when the federated authentication is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password. | 
| SYSTEM_USER_PASSWORD | Password of the QPR Suite and QPR ProcessAnalyzer administrator username defined in SYSTEM_USER_NAME field. This setting is needed only when the federated authentication is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password. | 
Other settings
| Setting name (KEY_FIELD column) | Description | 
|---|---|
| DB_VERSION | QPR UI database version. Do not edit this field. | 
| SCHEMA_VERSION | QPR UI database schema version. Do not edit this field. | 
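| DEFAULT_VIEW_PATH | Defines the view that is opened by default when a user logs in to QPR UI. The view is defined as a path that is a combination of the folder path and the view identifier. The user is also directed to the default view after the session has expired and the user logs in again. Examples: to define a view located in the root folder: /MyViewIdentifier; to define a view in some other folder than the root folder: /MyFolder 1/MyFolder 2/MyViewIdentifier |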
Changing System Settings
- Prerequisite: To change the system settings, you need to have write access to the QPR UI database in the SQL Server.
- Open SQL Server Management Studio and log in to the database server.
- Browse to the QPR UI database and expand it. Expand Tables, right-click dbo.CONFIGURATIONENTITY and select Edit Top 200 Rows.
- If the setting that needs to be changed already exists, you can change the setting value in the VALUE_FIELD column. The change is saved to the database right away when the input field loses focus.
- If you need to add a new setting, add it to the bottom row (the row showing NULL values).
- Restart the QPR UI Windows service as follows: open the Services window in Control Panel, browse to the QPR UI service and click Restart.
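
The security settings above interact with each other, so it is worth checking them together after editing the table. The following is an added example, not QPR code: it audits (KEY_FIELD, VALUE_FIELD) pairs exported from CONFIGURATIONENTITY against the rules and defaults stated on this page. The function name, the `behind_proxy` parameter, the sample rows and the plain-http and unproxied X-Forwarded-For checks are assumptions of the example.

```python
from urllib.parse import urlsplit

# Per this page, the 0/1 session flags default to 0 when the row is absent.
SESSION_FLAGS = ("TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN",
                 "BIND_SESSION_TO_CLIENT_IP", "BIND_SESSION_TO_CLIENT_USER_AGENT")
LOCATION_KEYS = ("MEA_SERVICE_LOCATION", "QPR_REPORTING_EXPRESSIONS_WEB_SERVICE_LOCATION")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_settings(rows, suite_timeout_minutes=60, behind_proxy=False):
    """Audit (KEY_FIELD, VALUE_FIELD) pairs exported from CONFIGURATIONENTITY."""
    cfg = {key.strip(): (value or "").strip() for key, value in rows}
    findings = []
    # Restricting logins requires the administrators group to be configured too.
    if cfg.get("ENTICE_USERS_GROUP_NAME") and not cfg.get("ADMINISTRATORS_GROUP_NAME"):
        findings.append("ENTICE_USERS_GROUP_NAME is set but ADMINISTRATORS_GROUP_NAME is not")
    # QPR UI (default 120 min) and QPR Suite (default 60 min) timeouts must match.
    minutes = int(cfg.get("SESSION_EXPIRATION_TIME") or 120)
    if minutes != suite_timeout_minutes:
        findings.append(f"SESSION_EXPIRATION_TIME is {minutes} min, QPR Suite uses {suite_timeout_minutes} min")

    # The header must be used behind a proxy; without one, any client can send it.
    use_xff = cfg.get("USE_X_FORWARDED_FOR") == "1"
    if behind_proxy and not use_xff:
        findings.append("USE_X_FORWARDED_FOR must be 1 behind a load balancer or reverse proxy")
    if use_xff and not behind_proxy:
        findings.append("USE_X_FORWARDED_FOR is 1 but no proxy sets the header")

    # Plain http to another host has none of the certificate checks https gives.
    for key in LOCATION_KEYS:
        url = urlsplit(cfg.get(key, ""))
        if url.scheme == "http" and url.hostname not in LOCAL_HOSTS:
            findings.append(f"{key} uses http to {url.hostname}")

    # Report session-hardening flags that are still at their default of 0.
    findings += [f"{key} is off (default)" for key in SESSION_FLAGS if cfg.get(key) != "1"]
    return findings


# Constructed sample rows, not taken from a real installation.
SAMPLE_ROWS = [
    ("MEA_SERVICE_LOCATION", "http://suite.example.internal/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/"),
    ("ENTICE_USERS_GROUP_NAME", "QPR UI Users"),
    ("SESSION_EXPIRATION_TIME", "60"),
    ("BIND_SESSION_TO_CLIENT_IP", "1"),
]

if __name__ == "__main__":
    print("\n".join(audit_settings(SAMPLE_ROWS, behind_proxy=True)))
```

Pass the QPR Suite value of SessionExpirationTimeout as `suite_timeout_minutes` if it has been changed from its default.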