14 Replies Latest reply: Mar 15, 2017 3:43 AM by Marcus Sommer

    qlikview ntfs security

    Michael Jokumsen

      Hi everybody,

       

      I have a question regarding ntfs security.

       

      I'm a member of the Administrators group on the server. This group has been given rights for a QlikView file and I am able to see the file on the access point. So this is what I would expect.

       

      When I remove the Administrators (from the list of users and groups that have rights for the file) and instead add another local group, then I suddenly can't see the file on the access point - even though I am a member of this group as well.

       

      Can somebody help with this? Is it not possible to assign rights to a file in this way?

       

      Best regards,

       

      Michael

        • Re: qlikview ntfs security
          Marcus Sommer

          I think it would be better to assign access rights on folders and not on files. Are you a member of the other local group or any other group which has access? Further, by removing do you really mean a delete of the group or a lock?

           

          Another point is section access, which could also be used to control the visibility of applications within the access point.

           

          - Marcus

            • Re: qlikview ntfs security
              Michael Jokumsen

              Hey Marcus

               

              Thanks for your reply.

               

              Yes, I'm a member of the local group which I added to the list of "groups or user names" under 'properties - security' on the file.

               

              I didn't delete the Administrators group - I just removed it from the list.

               

              What am I doing wrong, since this is not working out?

               

              /Michael

                • Re: qlikview ntfs security
                  Marcus Sommer

                  Is section access enabled with the control of the list of documents in the access point (document properties in tab server on the bottom right area)?

                   

                  - Marcus

                    • Re: qlikview ntfs security
                      Michael Jokumsen

                      Yes it is.

                       

                      /Michael

                        • Re: qlikview ntfs security
                          Marcus Sommer

                          Just for testing - disable the section access within the script and the document properties and reload+save the application - and try again to access it within the access point. If you could see and access the application - the solution will be that the section access needs an adjustment.

                           

                          - Marcus

                            • Re: qlikview ntfs security
                              Michael Jokumsen

                              I'm currently not using section access in the script, so I don't think it's about that.

                               

                              Previously we did use section access to control the access to parts of the data model for some users.

                              We don't do that anymore, because we generally found section access to be a bit difficult for us to administrate and work with.

                               

                              I have now disabled the section access in the document properties, reloaded and saved. I don't see the application on the access point.

                               

                              /Michael

                                • Re: qlikview ntfs security
                                  Marcus Sommer

                                  Does your local user group belong to the same Active Directory as your administrator group (probably not)? If not, I think you need to specify your local directory within the QMC:

                                   

                                  - Marcus

                                    • Re: qlikview ntfs security
                                      Michael Jokumsen

                                      Both groups are local and part of the local directory.

                                       

                                      I have also tried to add my AD name directly to the list (the exact same username as is part of the Administrator group). Still I can't see the application.

                                       

                                      I don't get it.

                                       

                                      Thanks for your suggestions.

                                       

                                      /Michael

                                        • Re: qlikview ntfs security
                                          Marcus Sommer

                                          For testing, try to create a new user group and assign yourself as a member, and then give this group access rights to the folder where the application resides - maybe there is something wrong with the other user group - Active Directory can be complicated (for non-admins like me) with inheritance of rights and possible locks anywhere.

                                           

                                          - Marcus

                                            • Re: qlikview ntfs security
                                              Michael Jokumsen

                                              That is exactly what I have already done. The group has been given rights to the folder and the file.

                                               

                                              I have removed all inheritance so I only have the explicit rights given to this group where I'm a member.

                                               

                                              Yep it's not very intuitive.

                                               

                                              /Michael
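
To check the state described in this post (explicit versus inherited entries on the document and on its folder, and whether a listed group is part of your logon), the following PowerShell lists every entry on both objects and marks the ones that match your current logon token. This is an added example, not code from any poster in the thread; `$DocPath` is a placeholder path.

```powershell
# Added example. $DocPath is a placeholder, not a path from the thread.
param(
    [string]$DocPath = 'D:\QlikView\Documents\Sales\Sales.qvw'
)

# SIDs in the current logon token: the user plus every group it carries.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) +
             @($identity.Groups | ForEach-Object { $_.Value })

function Get-AceReport {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Resolve the trustee to a SID so it can be matched against the token.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null   # orphaned or unresolvable trustee
        }
        [pscustomobject]@{
            Path      = $Path
            Trustee   = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited         # False = explicit entry
            InMyToken = [bool]($sid -and ($tokenSids -contains $sid))
        }
    }
}

# Report the folder first, then the document itself.
$folder = Split-Path -Path $DocPath -Parent
$report = @($folder, $DocPath) | ForEach-Object { Get-AceReport -Path $_ }
$report | Format-Table -AutoSize

# Allow entries that actually apply to this logon, per object.
$report | Where-Object { $_.InMyToken -and $_.Type -eq 'Allow' } |
    Select-Object Path, Trustee, Rights
```

Run it in a session logged on as the account that cannot see the document. A group you were added to after logging on will not show as in the token until you log on again.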

                                                • Re: qlikview ntfs security
                                                  Marcus Sommer

                                                  I think I'm out of ideas. Maybe pcammaert could give a hint.

                                                   

                                                  - Marcus

                                                  • Re: qlikview ntfs security
                                                    Peter Cammaert

                                                    Add the new group in which you are a member to the security list of the folder containing the document that already has this group included in the security list of the file properties. The folder may need other permissions than the simple Read-access required for files to be visible/accessible in the AccessPoint.

                                                      • Re: qlikview ntfs security
                                                        Michael Jokumsen

                                                        Hey Peter. The new group is already added to the security list of the folder with full control.

                                                         

                                                        It is so frustrating. I don't see the difference of using an administrator group where I'm a member or my username explicitly.

                                                         

                                                        Can I control the visibility of applications in another way?

                                                         

                                                        The problem is that I want to publish an application, but just a few of the users with a Named User CAL should be able to access/see the application. I thought I could create a local user group with these users and add this group alone to the security list. But as you can understand that is not working as expected...

                                                         

                                                        /Michael

                                                          • Re: qlikview ntfs security
                                                            Marcus Sommer

                                                            I'm not absolutely sure, but I think the recommended way to assign access rights is via folders which are parallel to each other - this means using separate folders for each different access, without nesting folders and/or assigning access rights to files - to avoid potential trouble with the complexity of the Active Directory. Maybe this is a bit exaggerated here, but it should hint in the right direction ...

                                                             

                                                            Besides that, if only one or a few applications are affected, which means it would need a lot of effort to change the general access control, you could use section access with the control of the list of documents in the access point (document properties in tab server on the bottom right area). For this you need only ACCESS and NTNAME within the section access without a connection to the data model - anyone who's not listed there won't see the application.

                                                             

                                                            - Marcus