I was playing around for a while with this subject without success. The idea is to avoid my users uses another user ID and Password since they are authenticated to my network agains a global domain using Windows Active Directory services.
Beside to use SID on my Section Access, I don't know if we need to change something on our IIS.
Below you will see the code that we are using on our test app, but when we open it from a user computer, there is no link between the security and the data. I mean, our goal is to show only the data belong to the logged user.
CONNECTTO [Provider=SQLOLEDB.1;Persist Security Info=False;uid=$(DBUSERID);pwd=$(DBUSERPWD);Initial Catalog=$(DBNAME);Data Source=$(DBHOST);Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Use Encryption for Data=False;Tag with column collation when possible=False];
loaddistinct UPPER(@1) as @UID
FROM C:\Apps\Qlik\Security\secSKPI.txt (ansi, txt, delimiter is ',', explicit labels)
//FROM secSKPI.txt (ansi, txt, delimiter is ',', explicit labels)
You may simplify your script using NTNAME as USERID in section access, and a reduction field that exists in your data, it may be rep name, some other key. In this case, your user will be logged into the document and the data will be reduced based on that reduction field, with no need to type user and password again.
I'd suggest you to check this post. Instead of using USERID use NTNAME, since all your users are already members of the domain.
After made the changes that you mention, now the app is still asking my UserName and Password for open.
Also, I've checked the post you mention but none of the examples shows how to work with NT domain authentication.
In order to review the data used by the app on the NTNAME field, can I cath the data on the Section Access using a QVD file? I'm having the feeling that the NTNAME on my files (used to reduce data) are not the same as the NTNAME pass for the Domain system.
Usually, NTNAME is the name you use to log in your domain. So you need to change USERID field for NTNAME, and you don't have to load PASSWORD field (QlikView will look into the directory). Your NTNAME field will look like DOMAIN\USERNAME as used when logging into your computer.
Anyway, backup your files when using section access, because you can be locked out, and there's no way to get access again, if there's an error loading or whatever.
By the way, you actually can load section access from a QVD file, but make sure all fields are uppercase and load is done unoptimized, meaning
LOAD ACCESS, NTNAME, REDUCTIONFIELD FROM SA.QVD WHERE 1=1;