Discussion Board for collaboration on QlikView Security and Governance.
problem, my NTNAME in uppercase DOMAIN\NTNAME as it should be in section access.
this is my OSUser DOMAIN\ntname when I access the application. This is for qlikview not the same, I guess?!
works in desktop but not in AcessPoint.
I use distribution in publisher. 11.20 sr10
In section access you best specify NTNAME values in the same case as windows lists them in security dialog boxes (the domain name is usually upper case). In theory the values for NTNAME are case insensitive and will match whatever Windows returns (upper/lower/mixed case). NTNAME does not have to follow the same rules as a Section Access link field that has to match a corresponding Section Application field.
If it doesn't work in the AP, did you make sure that you did at least one reload on the server?
Osuser() = NT user and qvuser() = section access user aren't be necessary the same but often they are. I suggest you put two textboxes with osuser() and qvuser() into your app to see what qv returned on desktop and access point and I think the domain-part is different.
=NTNAME=OSUser() in a textbox will gives me 0
=NTNAME=upper(OSUser()) will gives me -1
Yes I have reload it several times from publisher.
we use AD so qvuser() is not an option.
When I open file in desktop all works fine I my NTNAME har correct id.
When I open in server my NTNAME is my service account.
I have solve this before by reduce the service account in my section application in a where statment like NTNAME <> 'DOMAIN\ServiceAccount' but it doesent work this time.
You cannot use the section access NTNAME field, as it is not visible to anyone/anything outside Section Access (this is a hidden part of the QlikView data model)
Moreoever, the test is senseless because it implies regular QlikView data matching rules, while the security techniques in Section Access do not use the same rules (NTNAME values are case insensitive)
OSUser() returns the current user ID as returned by the OS (e.g. Windows), which is not necessarily equual to what you entered in NTNAME.
I use NTNAME in my section Application togheter with my reduce field. That should be OK, or?
Could it be problem that I distribute the application to an AD-group?
I'm very sorry but I don't really understand what you mean.
The NTNAME field should have a value for every account with which you try to open the document.
Imagine that you are logged in Windows (and in AD) with a windows account name = yourdomain\sjohansson. Then your NTNAME field in Section Access should have a line with this value to let you open the document, whether you open the document using File open in your QV desktop on your laptop, or whether you open the same document in the AccessPoint using a browser on the same laptop where you are logged in Windows using the same account. You can check the value of your current account in the AccessPoint in the top right corner of the AP mlanding page (that shows the different document thumbnails).
If you are using another method to open a document on the server, please specify which method this is.
I admit that I may be nitpicking here but you can use NTNAME in Section Application and it won't have any effect whatsoever on security or on your getting access to your document. It's the NTNAME in Section Access that matters.
The NTNAME field in Section Application is only for information, nothing else.
I have it in my Section Access part togheter with ACCESS and my fields.