Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
michelknecht
Contributor II
Contributor II
‎2018-09-06 03:19 AM

Granting access to QlikView Access Point

Good Morning,

We're currently encountering an issue with the QlikView Access Point. Only members of the local administrators group have access to the Access Point (not QVW). Here some informations how the server is set up:

  1. QlikView Server installed, no publisher, license is active
  2. Directory Service is configured with LDAP to the correct domain. CALs can be assigned to domain-users without any problem.
  3. QlikView-Apps can be accessed via access point once a user is added to the local administrators group
  4. Authentication is set to "Always", "NTLM" and "Login page"
  5. Server is on a highly restricted hosted environment. Clients access via IE on a Citrix-platform.
  6. All domain-users are in the local users group.
  7. Loginprocess of some users have been checked, they correctly try to login with DOMAIN\USER and their AD-Password.
  8. When a user outside of the administators group tries to log in, they don't encounter any error. The loginpage just gets resetted.

Do we have to adjust some local security policies on the W2012 R2 server? Or any other ideas?

Thanks a lot in advance and best regards!

5,418 Views
0 Likes
1 Solution

Accepted Solutions
michelknecht
Contributor II
Contributor II
‎2018-09-11 10:57 AM
Author

In response to Miguel_Angel_Baeyens

Thank you very much mbaeyens for all your help. We tested all of your input and located the reason for this problem in the local security policy. A users needs the privilege to log on locally on the server to get access:

Best regards

Michel

View solution in original post

5,297 Views
5 Replies
Miguel_Angel_Baeyens
Employee
Employee
‎2018-09-10 07:48 AM

Does the access via Citrix keep the user properties of the users (e.g.: same NTNAME/USERID) or are they instead somehow overwritten by the user effectively running Citrix?

Do the folders storing the QVW, Shared, PGO, etc. follow those permissions as well (e.g.: any non-admin user has effective read-write-execute permissions)?

If IIS is used, are there any restrictions on the websites or folders within the website?

5,297 Views
michelknecht
Contributor II
Contributor II
‎2018-09-10 11:12 AM
Author

In response to Miguel_Angel_Baeyens

Hi Miguel, thank you very much for your answer! 🙂

Citrix keeps the user properties of the domain user. Users didn't even get to the index of the Access Point, they're stuck on the Login-Page. When we add the user to the local administrators group on the QV-Server, the QV-Access Point grants access.

Further, all domain users received read/write rights to all documents used by QlikView (Program Files, Program Data and QVW-Folders).

We use the QVWS on port 8080. Port 80 is already used by an Apache Webserver (Tomcat) on the same server. No IIS server is used in this case.

The fact that all domain users added to the local administrators are able to login the QVWS is a bit confusing.

5,297 Views
0 Likes
Miguel_Angel_Baeyens
Employee
Employee
‎2018-09-10 12:07 PM

In response to michelknecht

So looks like non-admin users cannot execute the javascript files which actually perform the login for some reason. Is the browser published in Citrix or do they run a virtual desktop from which they open a browser which in turn connects to the AccessPoint?

If the former, it could be that the QlikView server is not included in the list of trusted sites/privileged sites for non-admin users.

If the latter, I would focus instead on the QlikView server itself: antivirus, security or similar software not allowing some users?

Should not be a network issue since once in the group, the login works fine, neither are permissions.

One quick and dirty test is create an dummy HTML page and place it on the "qlikview" folder according to the settings in the QMC (by default, C:\Program Files\QlikView\Web), so any user going to

http://url/qlikview/dummy.html

should see it.

Eventually, this test could be done with any other folder in the QMC > Web Servers configuration.

If the users don't even see that, most likely they lack some permissions in the Citrix configuration or in the server side.

5,297 Views
michelknecht
Contributor II
Contributor II
‎2018-09-11 10:57 AM
Author

In response to Miguel_Angel_Baeyens

Thank you very much mbaeyens for all your help. We tested all of your input and located the reason for this problem in the local security policy. A users needs the privilege to log on locally on the server to get access:

Best regards

Michel

5,298 Views
Miguel_Angel_Baeyens
Employee
Employee
‎2018-09-11 11:21 AM

In response to michelknecht

Glad to see you solved the issue and thanks for letting us know how

5,297 Views
0 Likes