6 Replies Latest reply: Sep 12, 2012 2:15 PM by Daniel Rozental RSS

    Access denied to documents when using getwebticket combined with section access and publisher loop and reduce

      Hi All,

       

       

      We have hit a roadblock in our development and hopefully someone can see what we are missing.

       

       

      We are attempting to use getwebticket functionality (aspnet) combined with, section access/section application and publisher’s loop and reduce functionality.

       

       

      In our initial testing we used the reload engine instead of publisher. The ticket and document reduction were working properly. In our production environment we can see the ticket is generated and the accesspoint recognizes the authenticated user, their name is displayed in the upper right corner, but when you attempt to open a document access is denied.

       

       

      I created an account on the authentication site that is the same as the account that runs all our Qlikview services (QlikviewAccount in the section access and section application script(below)). This account can open all documents.

       

       

      If we turn off reduce data/strict exclusion in the document and reload other authenticated users can access the document, leading us to believe the issue lies in the section access/application.

       

       

      I then commented out the section access and section application key words and confirmed that the data is being loaded in the security tables and everything links properly. So I’m a bit stumped, is there a setting we are missing when using publisher or is there an issue in our section access/application script?

       

       

      Below are the settings and script:

       

       

      Product: Qlikview Server 11 (11.0.11282.0)

       

       

      Qlikview Server settings:

       

       

      1) DMS mode

      2) Prohibit Anonymous

       

       

      Qlikview Web Server settings: - authentication

      1) Always

       

       

      Publisher job:

      1) Reload enabled

      2) Reduce – loop through document field

      3) Distribute to all authenticated users

       

       

      Document Settings:

      1) Security – Admin Override Security

      2) Opening – Reduce Data – strict exclusion

      3) Server – Filter AccessPoint Document List Based on Section Access – checked

       

       

      Document Security:

       

       

      SECTION Access;

       

       

      load

      ACCESS,

      NTNAME,

      REPLACE(REPLACE(SECURITYKEY,'{',''),'}','') AS SECURITYKEY;

      sql select upper(username) as NTNAME,upper(case c.rolename when 'Administrator' then 'Admin' else 'User' end) as ACCESS, ltrim(rtrim(upper(a.userid))) as SECURITYKEY

      from qlikview_security.dbo.aspnet_Users as a

      inner join qlikview_security.dbo.aspnet_UsersInRoles as b

            on a.UserId = b.UserId

      inner join qlikview_security.dbo.aspnet_roles as c

            on b.RoleId = c.RoleId

      where lower(c.rolename)<>'registered';

       

       

      load * inline [

      NTNAME,ACCESS,SECURITYKEY

      QlikviewAccount,ADMIN,QV-121-344-422

      ];

       

       

      SECTION Application;

       

       

      star is '*';

       

       

      load

      REPLACE(REPLACE(SECURITYKEY,'{',''),'}','') AS SECURITYKEY,

      DATAKEY,

      if(SCOPE=0,1,2) as SCOPE

      ;

      sql select ltrim(rtrim(upper(a.userid))) as SECURITYKEY ,ltrim(rtrim(isnull(e.EntityCode,'*'))) as DATAKEY, f.scope as SCOPE

      from qlikview_security.dbo.aspnet_Users as a

      inner join qlikview_security.dbo.aspnet_UsersInRoles as b

            on a.UserId = b.UserId

      inner join qlikview_security.dbo.aspnet_roles as c

            on b.RoleId = c.RoleId

      left join qlikview_security.dbo.UsersEntities as d

            on a.UserId = d.UserId

      left join qlikview_security.dbo.Entities as e

            on d.EntityId = e.EntityId

      inner join qlikview_security.dbo.UserDemographic as f

            on a.UserId = f.UserId

      where lower(c.rolename)<>'registered' and active = 1;

      //

      load * inline [

      SECURITYKEY,DATAKEY,SCOPE

      QV-121-344-422,*,1

      ];

       

       

      Thanks for your assistance,

       

       

      Dirk