Skip to main content
Announcements
Qlik Community Office Hours, March 20th. Former Talend Community users, ask your questions live. SIGN UP
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable

Publisher and NTFS mode

Hi,

I've a production server with Publisher and a test/server without Publisher.

I want to use NTFS security with Publisher, that is to say managing users with NTFS right on folders.

In Publisher you can still select NTFS security mode, but when you build a task, you're forced to overwrite existing security (If I don't add recipient in tasks settings, logs says : no recipients, skipping distribution).

So do you know how to workaround it ?

Best regards

15 Replies
Bill_Britt
Former Employee
Former Employee

This is defeating the purpose of publisher. It will set the user and group rights on the QVW for you. This is a better way that just giving everyone rights to the folder.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

I need Publisher to do other things than security,

but I would like to set security on folders (I've severals reason to that).

If you're forced to use DMS with Publisher, I don't understand why the NTFS option still exist in the QMC ?

Best regards

Bill_Britt
Former Employee
Former Employee

You are not forced to do DMS mode in publisher. It is set to NTFS by default.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Yep,

but the mean difference, is in NTFS, you manage right in Windows, while in DMS, it's QlikView which controls file Access.

So if you select NTFS and then you're forced to set security in task settings instead of managing it on system folders (rights inheritance is disabled), I don't really see the difference between DMS and NTFS.

Regards

Bill_Britt
Former Employee
Former Employee

Need to check the reference manual.

The Security tab

Authorization

NTFS Authorization

Windows controls the file access for all users. Security is set in the operating system.

DMS Authorization

DMS is used to enable QlikView Server authentication. Read more about DMS on "Document Metadata

Service (DMS)" on page 181.

Publisher will set the NTFS permission on the document if you have the Security set to NTFS and it will set the DMS security if it is set for DMS.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Sorry for picking up an older thread, but this is a problem that I'm also running into. We must use NTFS permissions. NTFS permissions are setup on both the publisher source directory tree (limited to publisher admins only) and the target document directory (ACLs setup based on group permissions). All directories are setup to inherit permissions of the parent with addtional permission added as you go deeper into the directory tree.

We are just now starting to test Publisher and find that it sets permissions on the target qvw. I guess I can see the use case for this, but I would think this would be the exception, not the rule. And, there seems to be no way to have Publisher write the target QVW into the target directory and just inherit the permissions of the folder.

I must be missing something some place that toggles this behavior right? Why would an application default to not inheriting the target folder NTFS permissions?

Rick

Bill_Britt
Former Employee
Former Employee

This is done for security. If you notice that it only applies permission to the file of the users you select in the distribution job. That way only those users have rights to the file and when that user hits the AccessPoint they only see the files they have rights to.

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
Not applicable
Author

Yes, but that pushes the responsiblity of the permissions to the application, not the file system. Now I need to document permissions at both the file system (added by the sysadmin) and the Publisher task level. We have many dashboards that are not distributed by Publisher and their permissions are inherited.

Is there anyway to make Publisher do the equivalent of a windows copy where target permissions are inherited? If I hand copy a document from the source mount to the document folder, it inherits the target permission.

Is this the way everyone using NTFS permissions and Publisher works? I guess I'm looking for the best practice here.

Bill_Britt
Former Employee
Former Employee

If you are looking at best practices, then you never set secured objects at the folder level. That makes it to easy for someone to grab something they should not have. If you set them on the file level, I can only see items that I have rights to and not everything.

However, that is the joy of managing a network. You have the rights to setup the system anyway you want to. You can always set publisher distribute to all Named Users , all autherticated users or all users and then set folder level. The the least rights(folder level) will be the one applied.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.