Security

On the Security tab, the settings for authentication, authorization, communication, and cluster license can be managed.

Authentication

Clients

It is possible to select whether the QlikView Server (QVS) should use Windows authentication, when possible, or not. To configure the type of authentication, select one of the following options:

  • Always Anonymous, meaning that anonymous communication is forced.
  • Allow Anonymous (default), meaning that authentication is used whenever possible.
  • Prohibit Anonymous, meaning that authentication is forced.
Note: Make sure that this selection is consistent with any other security setting that may be specified in the virtual directories of the web server. For example, if the Microsoft IIS allows anonymous communication, but the QlikView Server does not, the client user will get an error message when trying to open the application through the virtual directory.

Anonymous Account

By default, the QVS will create the anonymous account on the local machine. If a cluster is used, the anonymous account should be changed to be a domain account, so that the servers in the cluster can share the account. This setting is only applicable if the server is running in NTFS mode. To configure the type of account, select one of the following options:

  • On Domain
  • On Local Computer

Authorization

The mode that the QVS will use when authorizing access to documents can be configured. Traditionally and by default, the QVS uses the NTFS Authorization mode, which means that the Windows operating system controls the file (document) access for users and groups through the NTFS security settings. The DMS Authorization mode uses the QVS Document Metadata Service (DMS) facility to authorize the file (document) access for users and groups. When this mode is used, the QlikView Publisher (QVP) Directory Service Connector (DSC) must be accessible, in order to resolve group membership. To select which Directory Service Connector to use, select one of the following options:

  • NTFS Authorization, meaning that the Windows operating system controls the file access.
  • DMS Authorization, meaning that the QlikView Server DMS controls the file access.

Miscellaneous

Allow Dynamic Data Update

To enable macros or external processes to update parts of the data in semi-real time, tick this check box.

This feature allows dynamic updates of the data in the currently loaded document. It is intended for QlikView Administrators to feed limited amounts of data to a QlikView document from a single source without running a reload of the document.

Note: The uploaded information is only stored in RAM, so any data added or updated using the Allow Dynamic Data Update feature is lost, if a reload of the document is performed.
Note: It is recommended to disable the Allow Dynamic Data Update feature, since it can be time-consuming.
Note: The Allow Dynamic Data Update feature is not supported in clustered QlikView Server (QVS) environments.

Default value: Disabled (unticked check box)

Allow Macro Execution on Server

To enable macros to execute on the QVS, tick this check box.

This feature applies to AJAX clients, since macros run on the QVS when using AJAX and in the client when using QlikView Desktop or the Microsoft Internet Explorer plugin.

If disabled, macros that use AJAX are blocked.

Default value: Enabled (ticked check box)

Allow Unsafe Macro Execution on Server

To enable unsafe macros to execute on the QVS, tick this check box.

Note: Unsafe macros are not allowed on reload tasks.

Default value: Disabled (unticked check box)

Allow Admin Using Name and Password

If the QVP is running in a separate Windows Active Directory, this setting has to be enabled to be able to connect to the QVS service. Also, the account used to connect must be part of the QlikView Administrators group. To enable the support of the separate Windows Active Directory, tick this check box.

Note: If this setting cannot be enabled through the QMC, instead, it can be added in the QlikView settings file, Settings.ini, which is located in the directory C:\ProgramData\QlikTech\QlikViewServer\. Add AllowAlternateAdmin=1 in the Settings 7 section.

Enable Server Push Over HTTP Tunnels

To enable graceful document refresh over HTTP tunnels, tick this check box.

Note: The Enable Server Push Over HTTP Tunnels feature only applies when a) using QlikView Desktop or the Microsoft Internet Explorer plugin and b) the communication is tunneled.

If enabled, the client keeps asking the QVS if there is an available refresh, which consumes bandwidth.

If disabled, the user is not informed of an available refresh until actively performing some other operation.

Default value: Disabled (unticked check box)

Compress Network Traffic

To let large packages be compressed in communication between the client and the QlikView Server, tick this check box.

Note: The Compress Network Traffic feature should always be enabled.

Default value: Enabled (ticked check box)

Allow Extensions

To enable QlikView Extensions to be added to documents, tick this check box.

If enabled, extensions (normal or document) – residing in the proper Extensions folder – are available and used.

If disabled, the QVS does not check for or use any extensions.

Default value: Enabled (ticked check box)

Cluster License

All QVSs in a cluster must have the same build number and share the same document root. When upgrading to a new version of QlikView, this is normally not a problem, if all servers are stopped, upgraded, and re-started in one go. However, if not all servers are upgraded at the same time, the build number and document root have to be taken into consideration, since the original cluster is split into two sub-clusters during the upgrade process – one that runs the original version of QlikView and one that runs the new version of QlikView – until all servers have been successfully upgraded to the new version of QlikView. Both sub-clusters share the existing cluster license, including all CALs.

The process for upgrading a single server in a cluster to a new version of QlikView is as follows:

  1. Open the QlikView Management Console (QMC) on any server in the cluster.
  2. Fill in the Alternate Build Number and Alternate Document Root fields (see below for details). The field values are automatically propagated to all servers in the cluster.
  3. Stop the server that is to be upgraded.
  4. Install the new version of QlikView on the server that was stopped.
  5. Open the Settings.ini file (normally located in the C:\ProgramData\QlikTech\QlikViewServer folder) on the server where the new version of QlikView was installed.
  6. Edit the path to the root folder (“DocumentDirectory”), so that it points to the same folder as the Alternate Document Root field in the QMC.
  7. Start the upgraded server.

Alternate Build Number

In this text box, enter the build number for the new version of QlikView that is installed on the servers in the cluster that are upgraded.

The build number is part of the QlikView version number. The format of the QlikView version number is as follows:

<Major release version>.<Service release version>.<Build number>.0

  • 12: Major release version (in this case, QlikView 12)
  • 0: Service release version (in this case, QlikView 12.0)
  • 11154: Build number
  • 0: Always zero

Alternate Document Root

In this text box, enter the document root to be used by the servers in the cluster that are upgraded to the new version of QlikView.

Note: The document root for the sub-cluster that runs the new version of QlikView must differ from the document root for the sub-cluster that runs the original version of QlikView (that is, the sub-clusters must not share the same document root).

Did this information help you?

Thanks for letting us know. Is there anything you'd like to tell us about this topic?

Can you tell us why it did not help you and how we can improve it?