In my understanding when opening a document (qvw) from AJAX in which the document have section access embedded, it will override the login prompt. So a client with matching details will able to open the document while others will be denied.
How about the URL of the document? Does it still showing anything like userid and password as of using NTFS authorization?
FYI, I don't currently have a licensed Qlikview Server to test. And I'm trying to call the document directly using the URL. Also I want to hide the userid and password in the URL. I cannot use DMS because we're planning to use Small Business Edition only.