topic Re: qlikview ntfs security in QlikView

qlikview ntfs security

Anonymous — Mon, 26 Jan 2026 18:19:17 GMT

Hi everybody,

I have a question regarding ntfs security.

I'm a member of the Administrators group on the server. This group has been given rights for a qlikview file and i am able to see the file on the access point. So this is what i would expect.

When I remove the Administrators (from the list of users and groups that have rights for the file) and instead add another local group, then i suddenly can't see the file on the access point - eventhouh i am a member of this group as well.

Can someoby help with this? Is it not possible to assign rights to a file in this way?

Best regards,

Michael

Re: qlikview ntfs security

marcus_sommer — Fri, 10 Mar 2017 14:07:08 GMT

I think better will be to assign access rights on folders and not on files. Are you a member of the another local group or any other group which has access? Further do you mean with removing really a delete of the group or a lock?

Another point will be section access which could be also used to control the visibility of applications within the access point.

- Marcus

Re: qlikview ntfs security

Anonymous — Mon, 13 Mar 2017 10:29:48 GMT

Hey Marcus

Thanks for your reply.

Yes, i'm a member of the local Group which I added to the list of "groups or user names" under 'properties - security' on the file.

I did't delete the Administrators group - i just removed it from the list.

What am i doing wrong, since this is not working out?

/Michael

Re: qlikview ntfs security

marcus_sommer — Mon, 13 Mar 2017 11:41:39 GMT

Is section access enabled with the control of the list of documents in the access point (document properties in tab server on the bottom right area)?

- Marcus

Re: qlikview ntfs security

Anonymous — Mon, 13 Mar 2017 11:52:14 GMT

Yes it is.

/Michael

Re: qlikview ntfs security

marcus_sommer — Mon, 13 Mar 2017 11:58:48 GMT

Just for testing - disable the section access within the script and the document properties and reload+save the application - and try again to access it within the access point. If you could see and access the application - the solution will be that the section access needs an adjustment.

- Marcus

Re: qlikview ntfs security

Anonymous — Mon, 13 Mar 2017 12:15:29 GMT

I'm currently not using section access in the script, so i don't think its about that.

Previously we did use section access to control the access to parts of the datamodel for some users.

We don't do that anymore, because we generally found section access to be a bit difficult for us to administrate and Work with.

I have now disabled the section access in the document properties, reloaded and saved. I don't see the application on the access point.

/Michael

Re: qlikview ntfs security

marcus_sommer — Mon, 13 Mar 2017 12:26:13 GMT

Belonged your local usergroup to the same active directory as your administrator-group (probably not)? If not I think you need to specify your local directory within the qmc:

- Marcus

Re: qlikview ntfs security

Anonymous — Mon, 13 Mar 2017 15:49:11 GMT

Both Groups are local and part of the local directory.

I have also tried to add my AD name directly to the list (the exact same username as is part of the Administrator Group). Stil I can't see the application.

I don't get it.

Thanks for your suggestions.

/Michael

Re: qlikview ntfs security

marcus_sommer — Mon, 13 Mar 2017 16:11:38 GMT

For testing try to create a new usergroup and assign you as a member and than give this group access rights to the folder where the application reside - maybe there is anything wrong with the other usergroup - active directory could be complicated (for non-admins like me) with inheritance of rights and possible locks anywhere.

- Marcus

Re: qlikview ntfs security

Anonymous — Mon, 13 Mar 2017 17:34:56 GMT

That is exactly what I have already done. The group has been given rights to folder and the file.

I have removed all inheritance so I only have the explicit rights given to this group where i'm a member.

Yep it's not very intuitive.

/Michael

Re: qlikview ntfs security

marcus_sommer — Mon, 13 Mar 2017 18:13:21 GMT

I think I'm out of ideas. Maybe pcammaert could be give a hint.

- Marcus

Re: qlikview ntfs security

Peter_Cammaert — Tue, 14 Mar 2017 07:57:21 GMT

Add the new group in which you are a member to the security list of the folder containing the document that already has this group included in the security list of the file properties. The folder may need other permissions than the simple Read-access required for files to be visible/accessible in the AccessPoint.

Re: qlikview ntfs security

Anonymous — Tue, 14 Mar 2017 19:50:36 GMT

Hey Peter.. The new Group is already added to the security list of the folder with full control.

It is so frustrating. I don't se the difference of using an administrator Group where i'm a member or my username explicitly.

Can I control the visibility of applications in another way?

The problem is that I want to publish an application, but just a few of the users with a Named User Cal should be able to access/see the aplication. I thought I could create a local user Group with these users and add this Group alone to the security list. But as you can understand that is not working as expected......

/Michael

Re: qlikview ntfs security

marcus_sommer — Wed, 15 Mar 2017 07:43:32 GMT

I'm not absolutely sure but I think the recommended way to assign access rights goes over folders which are parallel to eachother - this meant to use separate folders for each different access without nesting folders and/or assigning access rights to files - to avoid potential troubles with the complexity of the active directory. Maybe this is here a bit exaggerating but it should hint in the right direction ...

Beside them and if only one or few applications are affected which meant it would be need a lot of efforts to change the general access-control you could use section access with the control of the list of documents in the access point (document properties in tab server on the bottom right area). For this you need only ACCESS and NTNAME within the section access without a connection to the datamodel - anyone who's not listed there won't see the application.

- Marcus