Quick note: nprinting got back to me about saving copies of qvws anywhere else outside the accesspoint folder, then using the 'reload tasks' functionality to let nprinting reload the document instead of qvmc.  (Slight bit of extra work maintaining 2 copies of qvws either way, but only difference should be removing section access script at the start each time I make the copy for nprinting.)  Responding with my findings/tests of approaches suggested here for posterity though - also letting qvmc do it would save me trouble creating reload tasks in nprinting - qvmc seems more user friendly there.

Hi Marcus, on the surface that seemed like it should work however I encountered a couple of issues:  Can you provide steps on how to set a folder non-browsable if there's no checkbox for that on the folder properties? (I'm on Windows Server 2008.)

1> I can set/unset a checkmark on 'Hidden' but have no checkbox for 'Browseable' - hidden hides it from both AccessPoint and QVMC.

2> After some googling I see people who were able to uncheck a Browseable checkbox found it still showed in AccessPoint and one person (years ago) referenced page 37 of the reference manual saying Browseable will affect whether it can be seen in the Open in Server option, but not whether it's visible on AccessPoint.

This is close, but my section access is using just ntname while nprinting can only go through the userid/password type section access.  I can't really switch from one type to the other without big issues on the accesspoint side of stuff (lots of script to overhaul, regular qlikview users having to get through two login prompts to get to any qlikview)..

So far workaround nprinting not able to access via ntname section access is to keep a second copy of the needed qlikviews in a separate folder away from accesspoint, remove section access from their script, and let nprinting reload and use those.

I mean this here:

Steve

it's a solution, but not one I would feel happy with. Have you raised this as something they need to address, rather than just a workaround? In my view, you should really only need one version of a document, and let's face it, section access isn't the greatest solution to security issues ever devised.

Roger

Works on the surface but one serious caveat from a security perspective:

Mounting a new folder gets us partway there as long as that folder is not a subfolder of a browsable folder.  However people can still access the invisible document directly if they have or can deduce the url (url is mostly just a filepath).  A workaround might be to give one or two of the folders in the path a long random alphanumeric folder name to hinder malicious guessers, but I feel like a good code diver could get around that too.

So, we've got it 'not visible on accesspoint' which answers the question, but it's not inaccessible from Accesspoint..  I can do helpful answers and call this presumed answered, but I don't think I'd advise mounting unsecured copies of qlikviews to the qvmc since they are accessible to anyone with an internet connection and the right kind of knowledge.

I agree, Roger.  Someday maybe an option on the Connect window of nprinting to select which kind of Section Access is being used instead of just the userid pw section access window.  I think we can handle one workaround, but we'll think hard if other needs for workarounds arise.  Testing everything I can about nprinting in a test/evaluation period we've been provided.

Section Access itself feels pretty powerful to me, I like that it allows for the extreme of being able to lockout even the creator of the document - not because I like locking myself and QlikTech out of things, but because I feel comfortable that only people on my list can get in.  But I also feel like I can optimize my own use of it more.  For instance I will be seeing if I can switch it to one fixed list of security groups on the documents so I only have one master list of individuals to manage.  It is a lot of lists of individuals right now which is a bit onerous.

All-in-all these are low-budget but generally effective options - like furniture you have to assemble yourself I think.