4 Replies Latest reply: Oct 8, 2011 3:12 AM by Sudeep Mahapatra RSS

    QlikView 10 from 8.2 security access

      This is a very long one, but please bear with me!  I feel like I am about to cry right now because things have gone from bad to worse to catastrophe!

       

      We have been running QlikView version 8.2 for far, far too long and I am in the process of user acceptance testing on version 10.  In our original scope of the project, we had intended to have a vendor do most of the installation with major revamps for security access changes and general cleanup of loading scripts, but due to significant budget cuts (the drawback of working for a non-profit), we have shortened the project to simply making it work with what we have today and everything done by an internal I.T. employee (me).

       

      Old (Currently production) 8.2 server:

      An "expert" from QlikTek was brought in for initial setup and configuration.  An Access section in our load scripts within our dashboard referencing an external excel spreadsheet data source that QlikView is sucking data out of that contains department code number (for security access filtering), UserID and password (only specified for the QV system application user - all others are asterisk, asterisk), Access, NT Name, and a handful of other fields that are for human benefit when reading or modifying the file.  it also appears in version 8.2 that there is a separate section on the load scripts where you can specify "use this file for access control" (I'm paraphrasing) that was also marked.

       

      New 10.0 server:

      I had reloaded the dashboard successfully logged in as myself (there is no license for QV desktop for our QV system application user, so I wasn't able to test this out there).  It reloaded fine.  When I migrated the dashboard to server, testing users were able to open and view it through the interface, but there didn't appear to be any security access filtering. When I finally got all of the supporting tasks set up in Publisher and tried to reload the dashboard there, it wouldn't reload and gave me an error message saying "Document open call failed. The document might require username and password.", so I went in and removed the access section of the script.  At some point in there, I also went in to the security settings section in Enterprise Management Console and tired to set up some security (I don't know if this is important or not) by creating some empty section access tables. Removing the access section allowed publisher to run, but now users (including myself) are getting prompted for a username and password when they try to open the dashboard through the server and no existing domain NT logins (including our system application account) with or without a domain name seem to work for anyone (nor does just putting ** in). I've tried adding the names in to the access tables I created, but that didn't change anything.

       

      Please help!!!

        • QlikView 10 from 8.2 security access
          Daniel Rozental

          Sorry, I got lost in there.

           

          Can you summarize your problem a bit? Have you locked yourself out or are you unable to reload the document with section access from the server?

            • QlikView 10 from 8.2 security access

              Both.  The document won't reload with the access security in, and right now no one can access the document through Access Point.

                • QlikView 10 from 8.2 security access

                  Okay, so I figured out the secret to resolve this, but it doesn't make any sense

                   

                  Page 82 of the QlikView Server reference manual says:

                   

                  Data Protection

                  Section Access

                  Mark the check box if other credentials than the default should be used. This setting allows you to select the username and password the Distribution Service should use when opening QlikView documents. The default configuration is for the service to use the Windows credentials that are set for the service itself in the Windows Computer Management Console.

                  The login that publisher and distribution service are using that is listed in Win Mgmt console for the services is a domain login that should have full administrative rights to the machine and is also listed in the security file as having full access to the data.  The only way to get around my problems was to check the box anyways and re-enter the same login with its password.  I'm not sure why this worked, but it worked.

              • QlikView 10 from 8.2 security access
                Sudeep Mahapatra

                Hi If you are still facing the issue(Document open call failed. The document might require username and password) in publisher then please follow these steps and let me know if it works.

                1. in your section access code you need to add the Publisher Functional ID as an ADMIN.

                The code should look like below.

                Section Access;

                LOAD * INLINE[

                ACCESS, NTNAME,OMIT

                ADMIN, FUNCIDOFPUBLISHER

                USER, NORMUSERS, FIELDNAME

                ];

                Section Application;

                 

                In the Above code the FUNCIDOFPUBLISHER is the user id used for the publisher (You can find that in Windows Settings go to Server Manager > Configuration > Services > Look for Qlikview distribution Service on right panel of the window )

                2. Once you know the user id you can put the id in place of FUNCIDOFPUBLISHER and for NORMUSERS you can list your user group names or user names per your application.

                Note: OMIT column may not be used for data reduction but it is useful when you want to hide the column data from users. It omits the data from DataModel itself. So if you have a Search Object then you will not see the data under results of the search.

                Reference: Qlikview Server Reference Manual - Chap 28 Section Access

                 

                Regards,

                Sudeep