I have given NTFS group level security permission to my QVW on server and i have allowed dynamic CALs. Actually only user who is in that group should access this report. But i have found that anybody in intranet can access this report.
Is the folder that stores that document explicitly restricted only to those who have permissions or does it inherit permissions from higher level folders? Are you showing your documents in the Accesspoint as it is or are you embedding it in a Sharepoint portal?
Note that allowing dynamic cals provided there are available licenses, any user can get a license, even if he has not granted permissions to the folder.
If you want to protect your QVW files, so no one unless those explicitly allowed are able to open the files, then you need to make sure that you have removed access to groups like "All" or "Authenticated Users"... to the folder at the highest level, so all subfolders created within inherit these restrictions. Bear in mind that in Windows, as a general rule, in case one user belongs to more than one security group, the most restrictive prevails. So far, nothing to do yet with licenses.
Make sure first that your folder structure and permissions are right, before allowing users to get licenses from the QlikView Server. Once you have verified this is working, logging on different computers as different usernames that the permissions are okay, then assign licenses to users. I'd do that manually, since you may have users not granted to open QVW files but allowed to get to the server spending one license, which does make no sense.