Configure Access to Files and Directories

The Transfer Client shows a Local files list on the left and a Server files list on the right. You can use the Reflection for Secure IT server to customize which directories appear in the Server files list.

Note: By default, the same files and directories are available to all users. You can use subconfigurations to provide different access to specific users or groups of users.

Local directories

The Transfer Client's Local files list shows the contents of the user's profile folder. The user can browse from this location to any other folders and drives available to this user.

The user profile folder is configurable by the Windows system administrator. The default is:

  • Windows 7, Windows Server 2008:
    \Users\username\
  • Windows Server 2003:
    \Documents and Settings\username\

Server directories

If you have made no modifications to the default SFTP directories settings in Reflection for Secure IT, the Server files list shows the contents of a directory called "Home." For external users, this virtual directory corresponds to the following physical directory on the server:

C:\Users\<run_as_user>\ReflectionExternalUsers\Reflection.VirtualDirectory\<external_user>

where <run_as_user> is the External user access account (specified on the External Users pane in the Reflection for Secure IT server), and <external_user> is the user's UserID (added in the User Manager).

You can use Reflection for Secure IT to customize the server list so that it shows additional local directories, directories on one or more remote servers, or a combination.

To configure access to local directories

  1. Start the Reflection for Secure IT console (Attachmate Reflection > Reflection SSH Server Configuration).
  2. From the Configuration tab, click SFTP Directories in the left-hand panel.
  3. Click Add and use the Accessible Directories Settings dialog box to specify the virtual directory name and the actual directory path.

Notes:

  • The directories available to external users are limited by the rights of the user you specify for External user access account when you enable external user access.
  • Users have access only to directories that you explicitly make available. They do not have access to other directories, even if these directories are available to the External user access account.

The following pattern strings are available for configuring the Local or UNC directory. The resulting paths for external users are shown here:

%D

Default Home folder. For external users this is:

C:\Users\<run_as_user>\ReflectionExternalUsers\Reflection.VirtualDirectory\<external_user>

This directory is created the first time a user logs into the Reflection for Secure IT server if it doesn't already exist.

%H

For external users, this is equivalent to %D.

%u

The external user's UserID. This directory must already exist.

Caution: If you configure both domain and external users, do not use %u. If an external UserID matches a domain username, both users will have access to the same location. In this case, use %U to ensure unique pathnames.

%U

The external user domain name and UserID in the format "domain.username". This directory must already exist.

For external users the domain = Reflection.VirtualDirectory. For example, for the external user whose UserID is "Mary", c:\upload\%U resolves to:

C:\upload\Reflection.VirtualDirectory.Mary

To configure access to directories on a remote server

  1. On the Windows Start menu, click Attachmate Reflection > Reflection SSH Server Configuration.
  2. From the Configuration tab, click SFTP Directories in the left-hand panel.
  3. Click Add and specify a Virtual directory name.
  4. Click Remote SFTP server.
  5. Specify a Host name, retrieve the host key, and enter a username with access to this server for Remote SFTP username, and provide authentication information for this user.
  6. In the Path field, enter a path on the server that the user has access to, or use Browse to have an available path entered for you.

Notes:

  • The directories available on the remote server are limited by the rights of the user you specify for Remote SFTP username. You cannot provide access to files that are not available to this user.
  • Users have access only to directories that you explicitly make available. They do not have access to other directories on the remote server, even if these directories are available to the specified Remote SFTP username.
  • The %u and %U options described above are supported on remote servers.
  • For additional information, see Configure a Transfer to the Document Depot or refer to the Reflection for Secure IT server Help.