Product: TIBCO Spotfire®
How to open analysis files on the Web Player when they contain linked data located on a network share.
When Spotfire files loads data from files on network shares, you need to grant at least read permission on the network share to the user accessing the network share. Depending on what authentication method is used, the user accessing the network share is different.
You always need to add the path to the network share to the AllowedFilePaths section of the web player configuration file. See KB article 000029119 for more information on how to do this.
The Web player service is running under the identity of the Spotfire Node Manager service. This means that unless you are using Kerberos as authentication method on the Spotfire server and you have enabled delegation for the account running the Node Manager (NM) service, it is the identity of the user running the NM service that will be used to connect to network shares.
- If you are not using Kerberos as authentication method, then you need to make sure the user running the NM service has read permissions to the network share. If you are running the service as the default "Local system" account, then it is the computer account of the Windows server that needs to have read permissions to the network share.
- If you are using Kerberos as authentication method and have enabled delegation for both the TIBCO Spotfire Server (TSS) service account used for Kerberos and for the user running the NM service, then you need to make sure the end user has read permissions to the network share..
Using MS Office files like xlsx, xls, mdb, and accdb:
By default, the Web Player uses an "out of process" method to load data from MS Office files (Excel and Access) into the Web player. When using this method it will always be the user running the NM service that will be used to access the network share. This means that you need to grant read permissions on the network share to the user running the Node Manager.
If you want, you can change this behavior and make it so that the end users credentials are used (if using Kerberos as mentioned earlier) by editing the service config file Spotfire.Dxp.Worker.Host.exe.config and add the below to the <Spotfire.Dxp.Data.Properties.Settings> section of the config file
<setting name="DataImport_LoadOutOfProcess" serializeAs="String"> <value>False</value> </setting>
You can read more about how to edit service configuration files in the manual TIBCO Spotfire® Server and Environment Installation and Administration
Linking data to files located on a network share should always be done using UNC paths and not mapped network drives. You need to link the data in the analysis as "\\server\networkshare\file.ext" and NOT e.g. "z:\folder\file.ext" KB: 000036445 Constrained Kerberos Delegation to file shares
KB: 000029119 How to configure access to local and shared network directories for the TIBCO Spotfire Web Player