Can someone help clarify what I am observing? I'm running QV 12.10 SR6 (12.10.20400.0) and it appears that when QVDS writes a QVW to AccessPoint it explicitly sets the NTFS permissions to be exactly what was set in the distribution properties of the task, and removes any inherited NTFS permissions from the file. Our AccessPoint directory is configured to inherit specific permissions, but these inherited permissions are missing on only the QVW's. If I manually create a text file in the AccessPoint directory the AD Groups from the parent are correctly inherited to the file I created. The *.meta and *.shared files also correctly list NTFS inherited permissions. Only the QVW files, created by the QVDS are missing the permission inheritance. Is this by design, or am I missing something in my configuration options?
For example - this QVDS task is writing three AD groups:
In the NTFS permissions of the QVW written to AccessPoint, I do see those 3 groups and the QV Service account. But, what I don't see is the other groups that should be in the NTFS permissions based on inheritance.
This problem surfaced the first time we tried to archive/delete a application in QV12 and our administrator didn't have permissions to do so. In the above example, given the NTFS permissions, the only ways to delete an app are to login as the QV Service account (which has full permissions on this file) or to take ownership of the file (using an account with Administrative Permissions) and then delete it.
Our QV11 environment didn't work this way - QV admins could easily delete unused applications and I believe it was do to membership in an AD Group granting full control permissions that was being inherited down from the root of the directory to all files in the AccessPoint directory. Also, I thought when Publisher wrote the QVWs it included inherited permissions on the file allowing this to work correctly. Perhaps I am not remembering it correctly though.
Thoughts? Did I miss something when configuring our QV12 environment? Do any of you running QV12 see that QVWs are inheriting permissions - or are they being overridden/removed by QVDS? Thanks in advance for any input.