Difference between revisions of "QPR UI System Settings"

From Mea Wiki
Jump to navigation Jump to search
 
(59 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This page describes all QPR MobileDashboard system settings. The settings are stored in QPR MobileDashboard's database in the '''CONFIGURATIONENTITY''' table. Some of the settings can be changed during the installation in the installation wizard. After these settings are changed in the database, QPR MobileDashboard's Windows service must be restarted so that the changes take effect.
+
This page describes all QPR UI system settings stored in QPR UI database in the '''CONFIGURATIONENTITY''' table. Some of the settings can be changed during the installation in the installation wizard, and all settings can be changed after the installation by changing them directly in the database. After settings have been changed in the database, QPR UI Windows service must be restarted so that the changes take effect.
  
The '''Setting name''' in the following table is defined in the '''KEY_FIELD''' column of the CONFIGURATIONENTITY table.
+
The '''Setting name''' in the following tables is defined in the '''KEY_FIELD''' column of the CONFIGURATIONENTITY table.
 +
 
 +
= System Settings =
 +
== Settings for QPR Product Locations ==
 +
 
 +
Note for the QPR product locations: If the url starts with '''https''', the connection is secure and requires that the hostname matches with the certificate provided by the contacted server. To confirm that, check that the url opens without security errors in the web browser. However, you may still need to [[Payara_Configuration_in_QPR_UI#Importing_SSL_Certificate_to_Payara|Import the SSL Certificate to Payara]].
  
 
{| class="wikitable"
 
{| class="wikitable"
!|Setting name
+
!|Setting name (KEY_FIELD column)
 
!|Description
 
!|Description
 
|-
 
|-
|[[Permissions (QPR MobileDashboard)#Defining the administrators group|ADMINISTRATORS_GROUP_NAME]]
+
|MEA_SERVICE_LOCATION
|QPR Suite (MEA) or QPR ProcessAnalyzer user group name which member users are administrators in QPR MobileDashboard. Other users have only viewer rights.
+
|QPR Suite Web Service location. QPR UI uses this to access QPR Suite. In usual configurations, where QPR Suite is in the same server computer, the address is '''<nowiki>http://localhost/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/</nowiki>'''. Note that you may need to change the QPR Suite version number in the url or the protocol (http/https).
 
|-
 
|-
|[[Common QPR Authentication#Configuring Common Authentication for QPR MobileDashboard|AUTHENTICATION_SERVICES]]
+
|QPR_REPORTING_EXPRESSIONS_<wbr />WEB_SERVICE_LOCATION
|
+
|QPR Reporting Add-on Web Service location to fetch datasets. QPR UI uses this location to query to [[QPR Reporting Expression]] datasource. In usual configurations, the following setting can be used: '''<nowiki>http://localhost/QPRWebServicesExtensions/ExpressionAsDataset.ashx?xsession=<#meaSessionId>&expression=<#expression></nowiki>''' (it may also be '''https''').
 +
 
 +
This setting support the following tags which are replaced when the setting is used by QPR UI:
 +
* '''<#expression>''': Contains the expression that is sent to the web service.
 +
* '''<#meaSessionId>''': QPR Suite session id. This is empty if there is no session for QPR Suite. If [[Common QPR Authentication]] is used, QPR UI doesn't have the QPR Suite session id, and in that case this contains the QPR UI session id.
 +
* '''<#enticeSessionId>''': Contains the QPR UI session id.
 +
 
 +
These tags can be used to fill the needed values for ''xsession'' and ''expression'' parameters in the QPR Reporting Add-on's ExpressionAsDataset.ashx operation.
 +
|}
 +
 
 +
== Security Settings ==
 +
{| class="wikitable"
 +
!|Setting&nbsp;name&nbsp;(KEY_FIELD&nbsp;column)
 +
!|Description
 
|-
 
|-
|DB_VERSION
+
|[[Common QPR Authentication#Configuring Common Authentication for QPR UI|AUTHENTICATION_SERVICES]]
|QPR MobileDashboard database version. Do not edit this field.
+
|This setting is used to configure '''Common QPR Authentication''' to QPR UI. You can find more information by clicking the setting name.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|FEDERATEDLY_MANAGED_GROUPS]]
+
|ADMINISTRATORS_GROUP_NAME
|List of user groups that the federated authentication syncronizes for a user when the user logs in to QPR MobileDashboard.
+
|Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group the members of which have administrator permissions in QPR UI. Other users have only viewer permissions. Note that if a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own [[Manage_Users_in_QPR_ProcessAnalyzer_Excel_Client#Assigning_User_to_User_Group|hidden groups memberships]] and thus the hidden memberships might not give administrator permissions in QPR UI. See more about [[Permissions (QPR UI)|QPR UI permissions]].
 +
 
 +
Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time.
 
|-
 
|-
|MEA_SERVICE_LOCATION
+
|ENTICE_USERS_GROUP_NAME
|QPR Suite (MEA) web service interface location
+
|
 +
Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group which members are allowed to login to QPR UI. If a user doesn't have permissions to log in to QPR UI, user gets an error message when trying to login.
 +
 
 +
Notes:
 +
* When ENTICE_USERS_GROUP_NAME is configured, also the ADMINISTRATORS_GROUP_NAME needs to be configured.
 +
* Users belonging to group ADMINISTRATORS_GROUP_NAME are allowed to login to QPR UI, even if not part of the ENTICE_USERS_GROUP_NAME.
 +
* New user accounts are always created to QPR Suite or QPR ProcessAnalyzers even if users doesn't have permissions to log in to QPR UI.
 +
* If a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own [[Manage_Users_in_QPR_ProcessAnalyzer_Excel_Client#Assigning_User_to_User_Group|hidden groups memberships]] and thus the hidden memberships might not give administrator permissions in QPR UI. See more about [[Permissions (QPR UI)|QPR UI permissions]].
 +
* Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time.
 
|-
 
|-
|PA_SERVICE_LOCATION
+
|[[Common QPR Authentication#QPR UI Session Expiration|SESSION_EXPIRATION_TIME]]
|QPR ProcessAnalyzer web service interface location.
+
|QPR UI user session expiration timeout in minutes. If this setting is not defined, by default it is 2 hours. If using QPR Suite, the session expiration timeout needs to be same in both QPR UI and QPR Suite. By default, the QPR Suite session expiration timeout is 1h (setting ''SessionExpirationTimeout'' in ''QPR_Servers.ini'').
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_AUTOMATIC_LOGIN]]
+
|TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN
 
|
 
|
 +
Sets if User can have multiple sessions open to QPR UI simultaneously. When set to 1 then the User can have only one session open to QPR UI at the time. If the User login again successfully e.g. with another browser then the earlier sessions are terminated. Default value is 0 i.e. setting is not set and Users can have multiple session open simultaneously.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_CONSUMER_URL]]
+
|BIND_SESSION_TO_CLIENT_IP
 
|
 
|
 +
Sets if User’s session can be used from different IP addresses. When set to 1 and if User' IP address changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different IP addresses.
 
|-
 
|-
|[[Federated_Authentication in QPR MobileDashboard#Configuration entries when using metadata|SAML_METADATA_URL]]
+
|BIND_SESSION_TO_CLIENT_USER_AGENT
 
|
 
|
 +
Sets if User’s session can be used from different User-Agent e.g. Browsers. When set to 1 and if User' User-Agent changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different User-Agents.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Configuration entries when using a public key|SAML_REDIRECT_URL]]
+
|USE_X_FORWARDED_FOR
 
|
 
|
 +
This setting must be set to 1 when QPR UI is used with load balancer or reverse proxy. When set to 1 QPR UI takes the User’ IP address from the X-Forwarded-For header. Default value is 0 i.e. setting is not set and User’ IP address is taken normally. NOTE this setting can be used with settings TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN and/or BIND_SESSION_TO_CLIENT_IP.
 +
|}
 +
 +
== Federated Authentication Settings (SAML 2.0)  ==
 +
{| class="wikitable"
 +
!|Setting&nbsp;name (KEY_FIELD column)
 +
!|Description
 
|-
 
|-
|[[Federated_Authentication in QPR MobileDashboard#Configuration entries when using metadata|SAML_SERVER_ENTITY_IDENTIFIER]]
+
|[[Federated Authentication in QPR UI#Common configuration entries|FEDERATEDLY_MANAGED_GROUPS]]
|
+
|List of user groups that the federated authentication syncronizes for a user when the user logs in to QPR UI.
 +
|-
 +
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_AUTOMATIC_LOGIN]]
 +
|Federated authentication setting, described in the linked page.
 +
|-
 +
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_CONSUMER_URL]]
 +
|Federated authentication setting, described in the linked page.
 +
|-
 +
|[[Federated_Authentication in QPR UI#Configuration entries when using metadata|SAML_METADATA_URL]]
 +
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR_MobileDashboard#Configuration entries when using a public key|SAML_SIGNING_CERTIFICATE]]
+
|[[Federated Authentication in QPR UI#Configuration entries when using a public key|SAML_REDIRECT_URL]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_USER_DESCRIPTION_ATTRIBUTE]]
+
|[[Federated_Authentication in QPR UI#Configuration entries when using metadata|SAML_SERVER_ENTITY_IDENTIFIER]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_USER_EMAIL_ATTRIBUTE]]
+
|[[Federated Authentication in QPR_UI#Configuration entries when using a public key|SAML_SIGNING_CERTIFICATE]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_USER_FULLNAME_ATTRIBUTE]]
+
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_USER_DESCRIPTION_ATTRIBUTE]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_USER_GROUPS_ATTRIBUTE]]
+
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_USER_EMAIL_ATTRIBUTE]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Federated Authentication in QPR MobileDashboard#Common configuration entries|SAML_USER_ID_ATTRIBUTE]]
+
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_USER_FULLNAME_ATTRIBUTE]]
|
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|SCHEMA_VERSION
+
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_USER_GROUPS_ATTRIBUTE]]
|QPR MobileDashboard database schema version. Do not edit this field.
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
|[[Common QPR Authentication#QPR MobileDashboard Session Expiration|SESSION_EXPIRATION_TIME]]
+
|[[Federated Authentication in QPR UI#Common configuration entries|SAML_USER_ID_ATTRIBUTE]]
|QPR MobileDashboard user session expiration time in minutes. By default this is 30 minutes.
+
|Federated authentication setting, described in the linked page.
 
|-
 
|-
 
|SYSTEM_USER_NAME
 
|SYSTEM_USER_NAME
|QPR Suite (MEA) system username. Used in the federated authentication.
+
|QPR Suite and QPR ProcessAnalyzer administrator username. This setting is needed so that QPR UI is able to login to QPR Suite and QPR ProcessAnalyzer to set user information when the [[Federated Authentication in QPR UI|federated authentication]] is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password.
 
|-
 
|-
 
|SYSTEM_USER_PASSWORD
 
|SYSTEM_USER_PASSWORD
|Password of the QPR Suite (MEA) system user defined in SYSTEM_USER_NAME field.
+
|Password of the QPR Suite and QPR ProcessAnalyzer administrator username defined in SYSTEM_USER_NAME field. This setting is needed only when the [[Federated Authentication in QPR UI|federated authentication]] is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password.
 +
|}
 +
 
 +
==Other settings ==
 +
{| class="wikitable"
 +
!|Setting&nbsp;name (KEY_FIELD column)
 +
!|Description
 +
|-
 +
|DB_VERSION
 +
|QPR UI database version. Do not edit this field.
 +
|-
 +
|SCHEMA_VERSION
 +
|QPR UI database schema version. Do not edit this field.
 +
|-
 +
|DEFAULT_VIEW_PATH
 +
|Defines the view that is opened by default when a user logs in to QPR UI. The view is defined as a ''path'' that is a combination of the [[QPR_UI_Folders|folder]] path and the [[View_and_Panel_Designer_in_QPR_UI#View_and_Panel_Settings|view identifier]]. User is directed to the default view also after the session has been expired and user relogins.
 +
 
 +
Examples:
 +
* To define a view located in the root folder: '''/MyViewIdentifier'''
 +
* To define a view in some other folder than the root folder: '''/MyFolder 1/MyFolder 2/MyViewIdentifier'''
 
|}
 
|}
  
[[Category: QPR MobileDashboard]]
+
= Changing System Settings =
 +
# Prerequisite: To change the system settings, you need to have write access to the QPR UI database in the SQL Server.
 +
# Open '''SQL Server Management Studio''' and login to the database server.
 +
# Browse the QPR UI database and expand it. Expand '''Tables''', right click '''dbo.CONFIGURATIONENTITY''' and select '''Edit Top 200 Rows'''.
 +
# If the setting that needs to be changed, already exists, you can change the setting value in the '''VALUE_FIELD''' column. The change is saved to the database right away, when the input field is defocused.
 +
# If you need to add a new setting, add it to the bottom row with '''NULL'''.
 +
# Restart QPR UI Windows service as follows: Open '''Services''' window in Control Panel, browse '''QPR UI''' service and click '''Restart''').
 +
 
 +
[[Category: QPR UI]]

Latest revision as of 09:43, 23 March 2020

This page describes all QPR UI system settings stored in QPR UI database in the CONFIGURATIONENTITY table. Some of the settings can be changed during the installation in the installation wizard, and all settings can be changed after the installation by changing them directly in the database. After settings have been changed in the database, QPR UI Windows service must be restarted so that the changes take effect.

The Setting name in the following tables is defined in the KEY_FIELD column of the CONFIGURATIONENTITY table.

System Settings

Settings for QPR Product Locations

Note for the QPR product locations: If the url starts with https, the connection is secure and requires that the hostname matches with the certificate provided by the contacted server. To confirm that, check that the url opens without security errors in the web browser. However, you may still need to Import the SSL Certificate to Payara.

Setting name (KEY_FIELD column) Description
MEA_SERVICE_LOCATION QPR Suite Web Service location. QPR UI uses this to access QPR Suite. In usual configurations, where QPR Suite is in the same server computer, the address is http://localhost/QPR2017-1/Portal/QPR.Isapi.dll/wsforward/MainService.svc/webHttp/. Note that you may need to change the QPR Suite version number in the url or the protocol (http/https).
QPR_REPORTING_EXPRESSIONS_WEB_SERVICE_LOCATION QPR Reporting Add-on Web Service location to fetch datasets. QPR UI uses this location to query to QPR Reporting Expression datasource. In usual configurations, the following setting can be used: http://localhost/QPRWebServicesExtensions/ExpressionAsDataset.ashx?xsession=<#meaSessionId>&expression=<#expression> (it may also be https).

This setting support the following tags which are replaced when the setting is used by QPR UI:

  • <#expression>: Contains the expression that is sent to the web service.
  • <#meaSessionId>: QPR Suite session id. This is empty if there is no session for QPR Suite. If Common QPR Authentication is used, QPR UI doesn't have the QPR Suite session id, and in that case this contains the QPR UI session id.
  • <#enticeSessionId>: Contains the QPR UI session id.

These tags can be used to fill the needed values for xsession and expression parameters in the QPR Reporting Add-on's ExpressionAsDataset.ashx operation.

Security Settings

Setting name (KEY_FIELD column) Description
AUTHENTICATION_SERVICES This setting is used to configure Common QPR Authentication to QPR UI. You can find more information by clicking the setting name.
ADMINISTRATORS_GROUP_NAME Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group the members of which have administrator permissions in QPR UI. Other users have only viewer permissions. Note that if a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own hidden groups memberships and thus the hidden memberships might not give administrator permissions in QPR UI. See more about QPR UI permissions.

Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time.

ENTICE_USERS_GROUP_NAME

Name of QPR Suite (MEA) or QPR ProcessAnalyzer user group which members are allowed to login to QPR UI. If a user doesn't have permissions to log in to QPR UI, user gets an error message when trying to login.

Notes:

  • When ENTICE_USERS_GROUP_NAME is configured, also the ADMINISTRATORS_GROUP_NAME needs to be configured.
  • Users belonging to group ADMINISTRATORS_GROUP_NAME are allowed to login to QPR UI, even if not part of the ENTICE_USERS_GROUP_NAME.
  • New user accounts are always created to QPR Suite or QPR ProcessAnalyzers even if users doesn't have permissions to log in to QPR UI.
  • If a user is not an administrator in QPR ProcessAnalyzer, user cannot see his/her own hidden groups memberships and thus the hidden memberships might not give administrator permissions in QPR UI. See more about QPR UI permissions.
  • Group memberships are synchronized to QPR UI when users log in, so if group memberships are changed during a user session, permissions changes are effective only when user logs in the next time.
SESSION_EXPIRATION_TIME QPR UI user session expiration timeout in minutes. If this setting is not defined, by default it is 2 hours. If using QPR Suite, the session expiration timeout needs to be same in both QPR UI and QPR Suite. By default, the QPR Suite session expiration timeout is 1h (setting SessionExpirationTimeout in QPR_Servers.ini).
TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN

Sets if User can have multiple sessions open to QPR UI simultaneously. When set to 1 then the User can have only one session open to QPR UI at the time. If the User login again successfully e.g. with another browser then the earlier sessions are terminated. Default value is 0 i.e. setting is not set and Users can have multiple session open simultaneously.

BIND_SESSION_TO_CLIENT_IP

Sets if User’s session can be used from different IP addresses. When set to 1 and if User' IP address changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different IP addresses.

BIND_SESSION_TO_CLIENT_USER_AGENT

Sets if User’s session can be used from different User-Agent e.g. Browsers. When set to 1 and if User' User-Agent changes during the session then the session is terminated and the User must login again. Default value is 0 i.e. setting is not set and User can keep session open with different User-Agents.

USE_X_FORWARDED_FOR

This setting must be set to 1 when QPR UI is used with load balancer or reverse proxy. When set to 1 QPR UI takes the User’ IP address from the X-Forwarded-For header. Default value is 0 i.e. setting is not set and User’ IP address is taken normally. NOTE this setting can be used with settings TERMINATE_USERS_OTHER_SESSIONS_ON_SUCCESSFUL_LOGIN and/or BIND_SESSION_TO_CLIENT_IP.

Federated Authentication Settings (SAML 2.0)

Setting name (KEY_FIELD column) Description
FEDERATEDLY_MANAGED_GROUPS List of user groups that the federated authentication syncronizes for a user when the user logs in to QPR UI.
SAML_AUTOMATIC_LOGIN Federated authentication setting, described in the linked page.
SAML_CONSUMER_URL Federated authentication setting, described in the linked page.
SAML_METADATA_URL Federated authentication setting, described in the linked page.
SAML_REDIRECT_URL Federated authentication setting, described in the linked page.
SAML_SERVER_ENTITY_IDENTIFIER Federated authentication setting, described in the linked page.
SAML_SIGNING_CERTIFICATE Federated authentication setting, described in the linked page.
SAML_USER_DESCRIPTION_ATTRIBUTE Federated authentication setting, described in the linked page.
SAML_USER_EMAIL_ATTRIBUTE Federated authentication setting, described in the linked page.
SAML_USER_FULLNAME_ATTRIBUTE Federated authentication setting, described in the linked page.
SAML_USER_GROUPS_ATTRIBUTE Federated authentication setting, described in the linked page.
SAML_USER_ID_ATTRIBUTE Federated authentication setting, described in the linked page.
SYSTEM_USER_NAME QPR Suite and QPR ProcessAnalyzer administrator username. This setting is needed so that QPR UI is able to login to QPR Suite and QPR ProcessAnalyzer to set user information when the federated authentication is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password.
SYSTEM_USER_PASSWORD Password of the QPR Suite and QPR ProcessAnalyzer administrator username defined in SYSTEM_USER_NAME field. This setting is needed only when the federated authentication is in use. Note that if you have both QPR Suite and QPR ProcessAnalyzer in use, they must use the same user account and password.

Other settings

Setting name (KEY_FIELD column) Description
DB_VERSION QPR UI database version. Do not edit this field.
SCHEMA_VERSION QPR UI database schema version. Do not edit this field.
DEFAULT_VIEW_PATH Defines the view that is opened by default when a user logs in to QPR UI. The view is defined as a path that is a combination of the folder path and the view identifier. User is directed to the default view also after the session has been expired and user relogins.

Examples:

  • To define a view located in the root folder: /MyViewIdentifier
  • To define a view in some other folder than the root folder: /MyFolder 1/MyFolder 2/MyViewIdentifier

Changing System Settings

  1. Prerequisite: To change the system settings, you need to have write access to the QPR UI database in the SQL Server.
  2. Open SQL Server Management Studio and login to the database server.
  3. Browse the QPR UI database and expand it. Expand Tables, right click dbo.CONFIGURATIONENTITY and select Edit Top 200 Rows.
  4. If the setting that needs to be changed, already exists, you can change the setting value in the VALUE_FIELD column. The change is saved to the database right away, when the input field is defocused.
  5. If you need to add a new setting, add it to the bottom row with NULL.
  6. Restart QPR UI Windows service as follows: Open Services window in Control Panel, browse QPR UI service and click Restart).