Not sure if I understood you correctly.
What I understand is, you have given access to user for the folder "Demo Models", so the user will be able to see all the files inside the folder unless some other security is applied to the files.
So if you want user to see only few files inside the folder and not all then you need to apply security to individual files & not to the folder.
Depending on how you distribute or publish your apps in QV Server you may have two main scenarios:
- You don't have publisher and select one or server folders to be shown on the AccessPoint. This way, all users that logon the AccessPoint will see all the apps that are located in the folders that were selected to be shown. However, and even if every single user can see all the apps, whether he/she cand enter and interact with the apps will depend on permissions that the app(.qvw file) possess
- You use Publisher to reload and distribute your apps. This way you have to define in every distribution task which users are allowed to see and interact with the apps, so when a user logs in the AccessPoint, he/she will only see those apps that were distribuited to them.
Based on this I think your case belongs to the first scenario and you'll have to define at file level ( Windows Security Properties) which users are allowed to interact with each app, but you won't be able to hide those apps that they don't or won't be able to use.