15 Replies Latest reply: Apr 20, 2011 6:49 AM by alxtoth

    NTFS issue

    Amien Amien

      I have an NTFS issue. I have a user account that has full control over the folder and doesn't inherit rights.

      When I use 'everyone' on that folder, I see a document; when I use the user account (with the same rights), then I don't see the document. How can this be?

        • NTFS issue

          Don't know if it helps, but I experienced the same initially: set the rights to full control for 15 minutes, then back to the rights you'd like to set.

          Worked for me

          • NTFS issue
            Miguel Angel Baeyens de Arce

            Hello Amien,

            If the user belongs to a group with different permissions, the most restrictive would apply. Besides, if the user belongs to a group that has been granted new permissions, the user needs to log on to the domain so it can take full membership rights according to his groups.

            Hope that helps.

              • NTFS issue
                Amien Amien

                @Alex: I have reset the QV server, so that should fix the 15 min interval.

                @Miguel

                Do you mean that if the user belongs to two different groups, the most restrictive would apply?

                I'm not adding a group to NTFS, I'm adding a single user. Does that user also need to log out/log in? I assumed that this was not necessary because I'm using login2.htm as login. So I'm not logged in under Windows as the user that I'm adding.

                 

                  • NTFS issue
                    Miguel Angel Baeyens de Arce

                     


                    Amien wrote:do you mean .. if the user belongs to two different groups, that the most restrictive would apply?


                    That's exactly how Windows NTFS permissions work. It's usually a good practice when sharing a resource (I don't know if this applies here) to leave "Full Control" to Everyone in the Shared permissions, because they will not conflict with NTFS permissions and if group membership is accordingly set for every user, and because of this "the most restrictive applies" rule, you usually don't have to take care. Obviously, this is the optimal situation.

                    Regarding login/logout, I meant should your user have been added as a member of any group. And the user must log on to the Domain, not the AccessPoint, so it's not this case.

                    Anyway, you can check effective permissions on any given folder or file right clicking on it, selecting Properties, Security, Advanced button, "Effective Permissions" tab, and selecting the user. If the user has full control there (or enough permissions to get to the file) then check that the folder, if shared, has again at least the same permissions for that user when he accesses remotely.

                    If all the above fails, try logging on the computer where the files are to make sure that user can get to that folder and open the document. If everything goes fine, then you will have to check your QlikView Server permissions.

                    By the way, does this happen to any other user?

                    Hope that helps.

                     

                      • NTFS issue
                        Amien Amien

                        Anyway, you can check effective permissions on any given folder or file right clicking on it, selecting Properties, Security, Advanced button, "Effective Permissions" tab, and selecting the user. If the user has full control there (or enough permissions to get to the file) then check that the folder, if shared, has again at least the same permissions for that user when he accesses remotely.

                        I'm giving rights to folders. When I place a QVW into the upper folder, where access is 'everyone', that QVW will be shown in AccessPoint.

                        When I use effective permissions one folder lower (without everyone), the user has almost all rights (read, write, list etc.) except full control.

                        By the way, when I log into AccessPoint under the account with login2.htm, it will show DOMAIN\USER, but when I fill in that same DOMAIN\USER in security options, then it will be translated to username@domain.local. That is not a problem?

                          • NTFS issue
                            Amien Amien

                            OK, I logged into the account itself.

                            The location that I need I can access using an F: drive (mapped), but when I use the \\ location, I get an access denied.

                            My QlikView root folder is set to \\

                            How can it be that the mapped drive has access, but the \\ folder does not? It's the same location.

                              • NTFS issue
                                Amien Amien

                                \\ is blocked for a reason. I have \\ in the root folder for QlikView. When I map that location, QEMC won't see that drive :(

                                 

                                I don't need to disable UAC, right?

                                • NTFS issue
                                  Miguel Angel Baeyens de Arce

                                  Hello,

                                  If the path starts with \\, it means that it's a shared folder. Permissions for shared folders are different than NTFS permissions. But in any case, the most restrictive of both will always apply. So go to the shared folder properties, Sharing tab, Advanced Sharing (Win 2008), and check that permissions are fine and the number of simultaneous users is enough.

                                  Apart from that, if permissions are inherited that should work, but if permissions were set to that specific folder (and not the parents) the user may not be able to get through the path.

                                  Hope that helps.

                                    • NTFS issue
                                      Amien Amien

                                      So go to the shared folder properties, Sharing tab, Advanced Sharing, (Win 2008) and check that permissions are fine and the number of simultaneous users is enough.

                                      I did that from the administrator account. The user that I need has all the rights. When I log in with the user that I need, it says access denied, because \\ locations are generally blocked. They can only be accessed using a mapped drive.

                                        • NTFS issue
                                          Miguel Angel Baeyens de Arce

                                          Amien,

                                          Does QlikView fail if you load using a mapped drive instead of the UNC path? That might be a workaround.

                                          Regards.

                                            • NTFS issue
                                              Amien Amien

                                              Well, I mapped the drive. In Explorer the drive is visible and accessible, but when I go to QEMC, I don't see that drive using the [...] button. When I enter 'G:\Qlikview', QEMC says that the drive doesn't exist.

                                              So, the user has all permissions according to "Effective Permissions". When I log in as the user in Windows and use G:\Qlikview\....\1.QVW, the file is accessible. The same location under \\ (UNC) is not accessible at all, not even the root. Administrators blocked these and they can only be accessed using G:.

                                              If the path starts with \\ means that it's a shared folder. Permissions for shared folders are different than NTFS permissions. But in any case, the most restrictive of both will always apply. So go to the shared folder properties, Sharing tab, Advanced Sharing, (Win 2008) and check that permissions are fine and the number of simultaneous users is enough.

                                              I think this is the issue, but security policy doesn't allow me to change the shared folder permissions. And if the most restrictive of both would apply, then the user won't have access to that location.

                                              A space (example: "Qlikview Save Files") in the UNC dir name shouldn't matter, right?

                                              "QlikView Server permissions": what kind of Server permissions?

                                               

                                               

                                                • NTFS issue
                                                  Miguel Angel Baeyens de Arce

                                                  Amien,

                                                  If QEMC says the drive doesn't exist, then the account that doesn't have permissions may be the one the QlikView Server services are running under?

                                                  A space won't matter if the whole path is double quoted:

                                                   

                                                  STORE Customers INTO "\\SERVERNAME\Resource Name\File.QVD";


                                                  By QlikView Server permissions I mean the account the services are running under. If this account is a local administrator, the services are likely to work fine, but whenever you get out of that computer (to a UNC path or mapped drive), Server may not be allowed to write or work properly.

                                                  Hope that helps.

                                                    • NTFS issue
                                                      Amien Amien

                                                      If QEMC says the drive doesn't exist, then the account that doesn't have permissions may be the one the QlikView Server services are running under?


                                                      But do I need to create the mapped drive while logged into the service account? Because I'm now adding the mapped drive to the local admin account.

                                                      A space won't matter if the whole path is double quoted:

                                                      Not even in the root path in QEMC? I assume no quotes there?

                                                       

                                                        • NTFS issue
                                                          Miguel Angel Baeyens de Arce

                                                          You can add the mapped drive if you don't want to (or you can't) use the UNC path.

                                                          If the QEMC allows you to select the path, there shouldn't be any problem with that. My view? I never set other characters than ASCII in any of my paths (QlikView, webpages, shared folders, etc.), probably because of my past in the UNIX and Linux world and the troubles -at the moment- to get a path with blanks or local characters.

                                                          Anyway, Windows accepts paths with spaces and that should work in QlikView if it does in Windows.

                                                          Hope that helps.

                                                            • NTFS issue

                                                              Hi,

                                                              Mapped drives might be added only when you log in interactively with Remote Desktop. Whereas QEMC is a server process that runs in the background, and the environment is initialised differently.

                                                              Convince the system admins to allow access to UNC paths for the service running QV.

                                                              -Alex

                                                              www.snowflakejoins.com
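
A read-only PowerShell diagnostic for the checks discussed in this thread, added here as an example and not posted by any participant: it shows which account the QlikView services run as, which drive letters exist in the current logon session, and whether the current identity can read the UNC target. The share path is the placeholder from the STORE example above, and the service display-name filter is an assumption to adjust for your installation.

```powershell
# Run once in your own session and once in a session started as the service
# account, then compare the two outputs. Nothing here changes any permission.
$UncPath       = '\\SERVERNAME\Resource Name'    # placeholder share from the thread
$ServiceFilter = "DisplayName LIKE 'QlikView%'"  # assumption: adjust to your services

# 1. Identity this session runs as.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
"Running as: $me"

# 2. Logon account (StartName) of each matching service. This is the identity
#    that must be allowed on both the share and the NTFS folder.
Get-WmiObject Win32_Service -Filter $ServiceFilter |
    Select-Object Name, StartName, State | Format-Table -AutoSize

# 3. Drive letters mapped in THIS logon session. Mappings are per session, so a
#    letter mapped interactively (F:, G:) is not visible to a service.
Get-WmiObject Win32_MappedLogicalDisk |
    Select-Object DeviceID, ProviderName | Format-Table -AutoSize

# 4. NTFS entries on the UNC target. Share permissions are set separately on
#    the file server (Sharing tab, Advanced Sharing) and are not shown here.
try {
    (Get-Acl -Path $UncPath -ErrorAction Stop).Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize
} catch {
    "Cannot read ACL on $UncPath as ${me}: $($_.Exception.Message)"
}

# 5. Actual access test over the UNC path for the current identity.
try {
    $null = Get-ChildItem -LiteralPath $UncPath -ErrorAction Stop
    "OK: $me can list $UncPath"
} catch {
    "DENIED: $me cannot list $UncPath ($($_.Exception.Message))"
}
```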