Local user is running the QlikView Server
So in this case, what options do I have to fix this issue?!
Per QVS manual page 171(as below), I went ahead and added read privileges for the mounted folder to IQVS_name user. But still no luck... We dont use NT based security for user authentication. And DMS Authorization is selected in QVS management console.
anonymous user account
When the QlikView Server is started for the first time on a machine an
account will be created for anonymous users. The account will be named
IQVS_name where name is the name of the machine in the local network.
If the machine in question is a domain server, the anonymous account will be
created as a domain account or it will be a local machine account.
Each folder and file that should be available from anonymous clients must
be given read privileges to the anonymous account.
Note It is important to start QlikView Server and thereby let it create the
anonymous account before any attempt is made to grant privileges. You must
not try to create the anonymous account yourself!
Isnt "Authorization" come after the "Authentication"? May be I am confused, but till 8.5, I could just install the QV server, mount a folder, add a document and start accessing by qvp:// url. Of course, I would need to pass userid when accessing the document. We dont keep passwords in QlikView's section access. So all our documents has "*" added as part of the Password field in section access.
If it is necessary to add each individual user for each individual .qvw file in the authorization section, then we will have to add 200 users in 20 documents!
By the way, for testing purpose, I did add my userid in authorization for the test qvw, but still cant see it when accessed using qvp:// in IE. When Connect to Server box popped up, I selected Alternate Identity and specified userid and clicked Connect again. Then it asked for Password, but thats not setup in any of the section access of our qvw files. So just specified some random password and clicked ok. Got some http tunneling error at the end..
When you are using DMS, you have a choice of specifying each user or you can set "Anonymous" so that all authenticated users will get access to the document - this is the way that DMS has always worked. If you previously "just installed" QVS then it would have installed with the default NT authentication and may have operated as you suggest.
I just read the details on QVS manual pages 53,54 and was able to fix it after adding "Anonymous" user to the document under Authorization tab. Phew! Thanks a lot!
One final question (sorry!) - Do I have to add "Anonymous" to each individual document or is there a generic setting under QVS console that will apply to all the documents?
Here my configuration in the qemc for the security tab :
Authentication Clients Anonymous Account Always Anonymous
-->On Local Computer
Authorization NTFS Authorization (Windows controls file access) DMS Authorization (QlikView controls file access) Directory Service Connector URL
Miscellaneous Allow Dynamic Data Update Allow Macro Execution on Server Allow Unsafe Macro Execution on Server Allow Admin Using Name and Password Enable Server Push over HTTP Tunnels Compress network Traffic AlternateBuildNumber
I don't know if I forgot something in this tab, With this configuration I see nothing in the qlikview client.
When I change DMS to NTFS I see all examples applications.
I don't use publisher too.
Perhaps, I must change the "directory service connector URL"?
In the User documents tab I have this configuration :-->
Server settings Authorization Document Information ReloadRecipentsName AccessDOMAIN\GroupAdmin Always "
In Bold, the options which were checked.
Is it possible to help me and tell me where I have forgot something?
In your reply you suggest that each user must be added individually; however, the manual (pages 53/54) suggests that AD groups can be used for authorization when connecting to Active Directory using DMS.
Do you know if AD groups can be authorized to view a document on a QlikView 9 server? If so, can you point me to some extra documentation for setting this up; if not, do you know if that fact is documented anywhere?
Martijn ter Schegget
PS: the issue I'm trying to solve is in this thread. Maybe when we've sorted it all out, one of us should write a wiki article on setting up AD authentication/authorization?