Thanks guys. What has happened was I set (initial data reduction based on selection access), then checked strict exclusion. When users were accessing the application from AccessPoint they were being prompted for their userid/password. I remove the data reduction and strict exclusion and all is well. Thanks for your help. I am new to this Qlikview application, I have only been using it for about 3 months.
Yes, I am using Publisher Enterprise and AD to control content. It's easy, and no extract of AD data required.
There are multiple ways to control document access. By "document access" I mean:
1. What documents the user can see in a document list like "Open in Server" folder listing or Access Point screen.
2. What documents a user may actually successfully open.
3. What data the user can see once they get the document open, ie, all data or reduced data.
There are a number of ways to control the above.
1. Section Access. Has no impact on document list. Can control who can open document. Can reduce data. Security data must be defined in the document. Correct doument options set for reduction.
2. Windows File permissions. May limit document list . Will limit who can open document. No data reduction. No security data defined in the document.
3. DMS. No comment because I have not used it.
4. Publisher Distribution. Will limit document list . Will limit who can open document (by applying WIndows Persmissions). Data reduction possible. No security data defined in the document.
At my site, we user Publisher Distribution for everything. We do no Section Access at all. Most of our documents are distributed un-reduced. That is, everyone that can open the document sees the same data. We specify the AD userids and/or Groups in the DIstribution Task and those are the only users who will see and be able to open the document.
A few documents are reduced, and for that we use Publisher Reduction.
Back to your original problem -- You are using Publisher, and "Joe" can access everyone's documents. Joe should be able to open any document for which he has Windows Read permission. The permissions associated with any given document are set to whatever users and groups are selected in the Recipient section of the Publisher Distribution Task for that document. So if the recipient lsit is set to your test AD group, only members of that group should be able to see and open that file. Is that what you are seeing or something different?
If it's not working as you expect, check the WIndows permissions on the distributed file and see if they are what you would expect.
I'm off for a week. If you have more questions maybe someone else can pick up the thread.