Absolutely, this is possible. But keep in mind that section access would not be necessary, strictly speaking, because you would already have filtered the users ability to view files by their NT identities. Basically, I'm not sure what the point would be of using their Windows usernames to check against section access if they wouldn't have been able to see the file in the first place if the NTFS permissions weren't correct. It would be a different story if you want a separate logon in section access, using a different username/password--that would just be a 2nd level of security, and would make more sense to me.
To answer your question, however, I would recommend using SIDs, since that way you don't run into typos as much. The section access would look like this, for example:
Star is *;
Load * inline
The point of DMS...that's a loaded question :) DMS is very useful to perform functions that are not possible with NTFS security. 2 examples are connecting to non-Windows Directory Services and creating custom directories specifically for use with QlikView.
Thank you for your reply. There seems to be a bit of confusion. Let me express myself properly...
This is what I am aiming for regardless of how it is setup...
- Users log on to their computer
- When they reach the QV access point (Via the IE plug-in), they only see the applications that they are allowed.
- When they open an application, they only see the data that they are allowed to.
For example, our sales application will present data for all divisions. However, users of each divisions should only have access to the division they are part of while corporate managers have full access to all divisions.
How would you proceed?
In that case, use the same section access code style I posted above, but add a field REDUCTION that will control what they can see. See pages 510-11 of the QlikView Reference Manual for more details. Alternatively, you can do this with Loop & Reduce in Publisher Enterprise, but only if your document has the proper field associations between data and username.
Adding the server to your domain you'll have the possibility to use QVS with NTFS security, automatically QVS will add a Directory Service Connector pointed to your AD.
Users connecting to Access Point will be recognized automatically from windows authentication, the important thing is that you add in your section access your users enabled to access applications in the NTNAME field, check server manual for examples.
We've moved our QV server into the active directory but although I have access to the QVW folders and files, I still get a password prompt when I reach the Access Point (Before the list of apps opens). If I type in my user id and pass, the list is generated and I can browse fine.
In theory the user is authenticated when he logs onto his computer and since the QV server is now in the same domain, it's authentication should follow due to being in the AD.