When publishing an IBM Clarity Visualizer Report to the Clarity application, only the ClaritySVC account can view the published report, all other users are unable to see the report and receive the error below.
Error message generated by the application:
The issue is related to how the Visualizer Web config is passing the user credentials.
If you enable impersonation, ASP.NET impersonates the token passed to itby IIS (Internet Information Services). Depending on the authentication method used for Visualizer in IIS (e.g. Windows authentication, Anonymous, Basic), it will either pick the account IUSR or the Windows identity of the users; if the impersonation is set to false, then it will pick the account specified in the VizAppPool in IIS (by default is Network Service).
For example, if the impersonation is set to true and Windows authentication is enabled in IIS, then the users might be restricted to specific resources and they may even not be able to use the application. When disabling the impersonation, it will use the Network Service account - which has more permissions across the server and its resources.
IBM Clarity Visualizer 7.x
Diagnosing the problem
- Create a new report in Visualizer Builder and publish the report to Clarity Web.
- Log into Clarity Web with the Clarity Service account, and user should be able to load report without issue.
- Log into Clarity Web with a standard user and the user should receive the error that a valid SSAS connection could not be made
Resolving the problem
Browse to the Visualizer folder on the server located under Clarity Systems\ClarityServer\
Open the cpmviz folder and locate the web.config file.
Modify the Identity Impersonate tag to be false (screen shot below):