Setting up Group access restriction in QV 9

For security purposes, we may want to restrict accesses to specific QV

documents. By using QV 9 built-in features with Windows Active Directory, we
can easily achieve that by following this walk through.

Prerequisite:

Windows AD is properly configured with the users and groups.

A privilege AD user that can browse the AD. This user will be used in the
DSC configuration
QV9.x

1. Configure QV DSC (Directory Service Connectors). First, clik on the + to add

the Directory service and enter the AD host. Secondly, enter the user and
password that has the privileges to browse the AD.

Note the path the LDAP keyword should be in uppercase.

2. Verify the DSC log

Open Windows Explorer and navigate to C:\Documents and Settings\All
Users\Application Data\QlikTech\DirectoryServiceConnector\Log
Open the latest log file and verify if there is any error. If no errors, it should
look like the following:

25/03/2010 17:21:16.2092500 Information

(ActiveDirectory.ActiveDirectoryProvider) Looking up RootDSE:
LDAP://myAD.com/RootDSE
25/03/2010 17:21:16.2248750 Information
(ActiveDirectory.ActiveDirectoryProvider) Looking up node:
LDAP://myAD.com/CN=Partitions,CN=Configuration,DC=xxx,DC=xxx,DC=com
25/03/2010 17:21:16.2248750 Information
(ActiveDirectory.ActiveDirectoryProvider) Finding nCName:
DC=xxx,DC=xx,DC=com
25/03/2010 17:21:16.2248750 Information
(ActiveDirectory.ActiveDirectoryProvider) Searching for netbiosname...
25/03/2010 17:21:16.2248750 Information
(ActiveDirectory.ActiveDirectoryProvider) Search hit:
LDAP://myAD.com/CN=xxx,CN=xxx,CN=xxx,DC=xxx,DC=xxx,DC=com with
netbiosname windows and ncname: dc=xxx,dc=xxx,dc=com
25/03/2010 17:21:16.2248750 Information
(ActiveDirectory.ActiveDirectoryProvider) Adding netbiosname windows as
primary domain qualifier

3. Setting DMS authorization mode

To control access to documents, we need to set up the property security on
the QVS

a. Make sure to check on Prohibit anonymous

b. Enable DMS authorization. The Directory Service Connector URL is the
URL located in Directory Service Connectors

4. Configure the login in QVWS (Qlikview Webserver)

a. Authentication set to Always

b. Default Preferred Client set to Ajax if desired

5. Configure Ajax on QVS (optional)

6. Configure Documents authorization

When setting up the DMS authorization, there will be an authorization tab in
the Documents properties section.

a. Clik on the + to add a group name if you want to authorize access to all
the users in this group or a specific user

To add a user:
Mydomain\user
To add a group
Mydomain\groupname
Edit the new group or user you just added

Disable Anonymous

7. Testing your configuration

Open a Firefox browser and enter the QV url. Ex.
http://<qlikviewhost>/qlikview
There will be an authentication popup to enter the username/password. Enter
the username/password that has been provided by your AD administrator
Ex.

mydomain\user1
password

You will normally have access to your documents depending on the group or
user access defined above.

Note: Do not test with Internet Explorer (IE). Since it uses NTLM, it wont let
you to switch user.