Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
I've a production server with Publisher and a test/server without Publisher.
I want to use NTFS security with Publisher, that is to say managing users with NTFS right on folders.
In Publisher you can still select NTFS security mode, but when you build a task, you're forced to overwrite existing security (If I don't add recipient in tasks settings, logs says : no recipients, skipping distribution).
So do you know how to workaround it ?
Best regards
This is defeating the purpose of publisher. It will set the user and group rights on the QVW for you. This is a better way that just giving everyone rights to the folder.
I need Publisher to do other things than security,
but I would like to set security on folders (I've severals reason to that).
If you're forced to use DMS with Publisher, I don't understand why the NTFS option still exist in the QMC ?
Best regards
You are not forced to do DMS mode in publisher. It is set to NTFS by default.
Yep,
but the mean difference, is in NTFS, you manage right in Windows, while in DMS, it's QlikView which controls file Access.
So if you select NTFS and then you're forced to set security in task settings instead of managing it on system folders (rights inheritance is disabled), I don't really see the difference between DMS and NTFS.
Regards
Need to check the reference manual.
The Security tab
Authorization
NTFS Authorization
Windows controls the file access for all users. Security is set in the operating system.
DMS Authorization
DMS is used to enable QlikView Server authentication. Read more about DMS on "Document Metadata
Service (DMS)" on page 181.
Publisher will set the NTFS permission on the document if you have the Security set to NTFS and it will set the DMS security if it is set for DMS.
Sorry for picking up an older thread, but this is a problem that I'm also running into. We must use NTFS permissions. NTFS permissions are setup on both the publisher source directory tree (limited to publisher admins only) and the target document directory (ACLs setup based on group permissions). All directories are setup to inherit permissions of the parent with addtional permission added as you go deeper into the directory tree.
We are just now starting to test Publisher and find that it sets permissions on the target qvw. I guess I can see the use case for this, but I would think this would be the exception, not the rule. And, there seems to be no way to have Publisher write the target QVW into the target directory and just inherit the permissions of the folder.
I must be missing something some place that toggles this behavior right? Why would an application default to not inheriting the target folder NTFS permissions?
Rick
This is done for security. If you notice that it only applies permission to the file of the users you select in the distribution job. That way only those users have rights to the file and when that user hits the AccessPoint they only see the files they have rights to.
Yes, but that pushes the responsiblity of the permissions to the application, not the file system. Now I need to document permissions at both the file system (added by the sysadmin) and the Publisher task level. We have many dashboards that are not distributed by Publisher and their permissions are inherited.
Is there anyway to make Publisher do the equivalent of a windows copy where target permissions are inherited? If I hand copy a document from the source mount to the document folder, it inherits the target permission.
Is this the way everyone using NTFS permissions and Publisher works? I guess I'm looking for the best practice here.
If you are looking at best practices, then you never set secured objects at the folder level. That makes it to easy for someone to grab something they should not have. If you set them on the file level, I can only see items that I have rights to and not everything.
However, that is the joy of managing a network. You have the rights to setup the system anyway you want to. You can always set publisher distribute to all Named Users , all autherticated users or all users and then set folder level. The the least rights(folder level) will be the one applied.
Bill