Skip to main content
Announcements
Qlik Community Office Hours, March 20th. Former Talend Community users, ask your questions live. SIGN UP
cancel
Showing results for 
Search instead for 
Did you mean: 
michelknecht
Contributor II
Contributor II

Granting access to QlikView Access Point

Good Morning,

We're currently encountering an issue with the QlikView Access Point. Only members of the local administrators group have access to the Access Point (not QVW). Here some informations how the server is set up:

  1. QlikView Server installed, no publisher, license is active
  2. Directory Service is configured with LDAP to the correct domain. CALs can be assigned to domain-users without any problem.
  3. QlikView-Apps can be accessed via access point once a user is added to the local administrators group
  4. Authentication is set to "Always", "NTLM" and "Login page"
  5. Server is on a highly restricted hosted environment. Clients access via IE on a Citrix-platform.
  6. All domain-users are in the local users group.
  7. Loginprocess of some users have been checked, they correctly try to login with DOMAIN\USER and their AD-Password.
  8. When a user outside of the administators group tries to log in, they don't encounter any error. The loginpage just gets resetted.

Do we have to adjust some local security policies on the W2012 R2 server? Or any other ideas?

Thanks a lot in advance and best regards!

1 Solution

Accepted Solutions
michelknecht
Contributor II
Contributor II
Author

Thank you very much mbaeyens for all your help. We tested all of your input and located the reason for this problem in the local security policy. A users needs the privilege to log on locally on the server to get access:

Best regards

Michel

View solution in original post

5 Replies
Miguel_Angel_Baeyens

Does the access via Citrix keep the user properties of the users (e.g.: same NTNAME/USERID) or are they instead somehow overwritten by the user effectively running Citrix?

Do the folders storing the QVW, Shared, PGO, etc. follow those permissions as well (e.g.: any non-admin user has effective read-write-execute permissions)?

If IIS is used, are there any restrictions on the websites or folders within the website?

michelknecht
Contributor II
Contributor II
Author

Hi Miguel, thank you very much for your answer! 🙂

Citrix keeps the user properties of the domain user. Users didn't even get to the index of the Access Point, they're stuck on the Login-Page. When we add the user to the local administrators group on the QV-Server, the QV-Access Point grants access.

Further, all domain users received read/write rights to all documents used by QlikView (Program Files, Program Data and QVW-Folders).

We use the QVWS on port 8080. Port 80 is already used by an Apache Webserver (Tomcat) on the same server. No IIS server is used in this case.

The fact that all domain users added to the local administrators are able to login the QVWS is a bit confusing.

Miguel_Angel_Baeyens

So looks like non-admin users cannot execute the javascript files which actually perform the login for some reason. Is the browser published in Citrix or do they run a virtual desktop from which they open a browser which in turn connects to the AccessPoint?

If the former, it could be that the QlikView server is not included in the list of trusted sites/privileged sites for non-admin users.

If the latter, I would focus instead on the QlikView server itself: antivirus, security or similar software not allowing some users?

Should not be a network issue since once in the group, the login works fine, neither are permissions.

One quick and dirty test is create an dummy HTML page and place it on the "qlikview" folder according to the settings in the QMC (by default, C:\Program Files\QlikView\Web), so any user going to

http://url/qlikview/dummy.html

should see it.

Eventually, this test could be done with any other folder in the QMC > Web Servers configuration.

If the users don't even see that, most likely they lack some permissions in the Citrix configuration or in the server side.

michelknecht
Contributor II
Contributor II
Author

Thank you very much mbaeyens for all your help. We tested all of your input and located the reason for this problem in the local security policy. A users needs the privilege to log on locally on the server to get access:

Best regards

Michel

Miguel_Angel_Baeyens

Glad to see you solved the issue and thanks for letting us know how