On the Security tab, the settings for authentication, authorization, communication, and cluster license can be managed.
Authentication
Clients
It is possible to select whether the QlikView Server (QVS) should use Windows authentication, when possible, or not. To configure the type of authentication, select one of the following options:
- Always Anonymous, meaning that anonymous communication is forced.
- Allow Anonymous (default), meaning that authentication is used whenever possible.
- Prohibit Anonymous, meaning that authentication is forced.
Anonymous Account
By default, the QVS will create the anonymous account on the local machine. If a cluster is used, the anonymous account should be changed to be a domain account, so that the servers in the cluster can share the account. This setting is only applicable if the server is running in NTFS mode. To configure the type of account, select one of the following options:
- On Domain
- On Local Computer
Authorization
The mode that the QVS will use when authorizing access to documents can be configured. Traditionally and by default, the QVS uses the NTFS Authorization mode, which means that the Windows operating system controls the file (document) access for users and groups through the NTFS security settings. The DMS Authorization mode uses the QVS Document Metadata Service (DMS) facility to authorize the file (document) access for users and groups. When this mode is used, the QlikView Publisher (QVP) Directory Service Connector (DSC) must be accessible, in order to resolve group membership. To select which Directory Service Connector to use, select one of the following options:
- NTFS Authorization, meaning that the Windows operating system controls the file access.
- DMS Authorization, meaning that the QlikView Server DMS controls the file access.
Miscellaneous
Allow Dynamic Data Update
To enable macros or external processes to update parts of the data in semi-real time, tick this check box.
This feature allows dynamic updates of the data in the currently loaded document. It is intended for QlikView Administrators to feed limited amounts of data to a QlikView document from a single source without running a reload of the document.
Default value: Disabled (unticked check box)
Allow Macro Execution on Server
To enable macros to execute on the QVS, tick this check box.
This feature applies to AJAX clients, since macros run on the QVS when using AJAX and in the client when using QlikView Desktop or the QlikView plugin.
If disabled, macros that use AJAX are blocked.
Default value: Enabled (ticked check box)
Allow Unsafe Macro Execution on Server
To enable unsafe macros to execute on the QVS, tick this check box.
Default value: Disabled (unticked check box)
Allow Admin Using Name and Password
If the QVP is running in a separate Windows Active Directory, this setting has to be enabled to be able to connect to the QVS service. Also, the account used to connect must be part of the QlikView Administrators group. To enable the support of the separate Windows Active Directory, tick this check box.
Enable Server Push Over HTTP Tunnels
To enable graceful document refresh over HTTP tunnels, tick this check box.
If enabled, the client keeps asking the QVS if there is an available refresh, which consumes bandwidth.
If disabled, the user is not informed of an available refresh until actively performing some other operation.
Default value: Disabled (unticked check box)
Compress Network Traffic
To let large packages be compressed in communication between the client and the QlikView Server, tick this check box.
Default value: Enabled (ticked check box)
Allow Extensions
To enable QlikView Extensions to be added to documents, tick this check box.
If enabled, extensions (normal or document) – residing in the proper Extensions folder – are available and used.
If disabled, the QVS does not check for or use any extensions.
Default value: Enabled (ticked check box)
Cluster License
All QVSs in a cluster must have the same build number and share the same document root. When upgrading to a new version of QlikView, this is normally not a problem, if all servers are stopped, upgraded, and re-started in one go. However, if not all servers are upgraded at the same time, the build number and document root have to be taken into consideration, since the original cluster is split into two sub-clusters during the upgrade process – one that runs the original version of QlikView and one that runs the new version of QlikView – until all servers have been successfully upgraded to the new version of QlikView. Both sub-clusters share the existing cluster license, including all CALs.
The process for upgrading a single server in a cluster to a new version of QlikView is as follows:
- Open the QlikView Management Console (QMC) on any server in the cluster.
- Fill in the Alternate Build Number and Alternate Document Root fields (see below for details). The field values are automatically propagated to all servers in the cluster.
- Stop the server that is to be upgraded.
- Install the new version of QlikView on the server that was stopped.
- Open the Settings.ini file (normally located in the C:\ProgramData\QlikTech\QlikViewServer folder) on the server where the new version of QlikView was installed.
- Edit the path to the root folder (“DocumentDirectory”), so that it points to the same folder as the Alternate Document Root field in the QMC.
- Start the upgraded server.
Alternate Build Number
In this text box, enter the build number for the new version of QlikView that is installed on the servers in the cluster that are upgraded.
The build number is part of the QlikView version number. The format of the QlikView version number is as follows:
<Major release version>.<Service release version>.<Build number>.0
- 12: Major release version (in this case, QlikView 12)
- 0: Service release version (in this case, QlikView 12.0)
- 11154: Build number
- 0: Always zero
Alternate Document Root
In this text box, enter the document root to be used by the servers in the cluster that are upgraded to the new version of QlikView.
