Restrict Access to Reflection 2011 features with ACT
When you use ACT (Attachmate Customization Tool) to create access files, the files are automatically saved in the required directory and packaged in a companion installer package that you can deploy to users.
Important: Be sure to set file access rights on .access files that you deploy to prevent users from deleting, replacing, or editing them.
To set access with the ACT tool
- On a workstation on which you have installed Reflection, open the Attachmate Customization Tool from a desktop shortcut or from a command line as follows:
- When the ACT tool opens, select Create a new companion installer.
- On the left pane, select Specify install locations.
- Under Installation type, select Installs only for the user who installs it.
- In the left pane, select Modify user settings.
- In the Make changes to user settings... table, select one of the .access options and click the Define button.
- In Permissions Manager, under Groups, select the type of setting to control access to (for example, the Document\Connection\TN3270Basic group). (Settings in Reflection 2011 are in "groups" and each group has a path name.)
- In the Items box, in the Accessibility field for the item (or items) you want to restrict, click Full and then select Restricted from the drop down menu.
In the following example, the Accessibility level for DeviceName, Host, and Port is Restricted. The resulting rd3x.access file limits access to these three settings.
- Under Additional security options, select how to control session file encryption:
To do this
Configure all sessions so that users can open only encrypted display session files.
User can open only encrypted session files
Configure all sessions so that users can save a display session only if it is encrypted.
User can save only encrypted session files
- On the ACT File menu, choose Save As and save the companion installer package.
The companion installer package automatically specifies to deploy this .access file to the [AppDataFolder]\Atachmate\Reflection\Workspace\data_folder folder.
Note: The name of the last folder (data_folder) in this directory is specific to the version of Reflection. For Reflection 2011 R1, this folder is R2011. For subsequent versions, it is R2011_versionName. (For example, the folder name in Reflection 2011 R2 is R2011_R2.)
By default, the [AppDataFolder] is defined as:
(Windows 7 and Vista) Users\yourUserName\AppData\Roaming\
(XP) Documents and Settings\yourUserName\Application Data\
- Be sure to set file access rights on .access files to prevent users from deleting, replacing, or editing them.
- To deploy files to this folder, you will need to use a deployment tool that allows you to install the companion installer package as the user.
- When accessing a setting via an API, such as executing a macro, a setting with restricted access cannot be modified. (When attempting to set a restricted setting via an API, an error is logged.)