Set Transfer Permissions for an External User Group
You can create customized transfer settings for individual external users and for external user groups. In this procedure you'll modify your Reflection for Secure IT server settings to allow additional file access to members of the default "Administrators" external user group.
Before you begin
Create a group subconfiguration for members of the external users Administrators group
- On the gateway server, start the Reflection for Secure IT server console. (Start > All Programs > Attachmate Reflection > Reflection SSH Server Configuration.)
- On the left panel, under Subconfiguration, click Group Configuration.
- Click Add. This opens the Group Configuration dialog box.
- Set Group type to Domain.
- For Domain, enter Reflection.VirtualDirectory.
Reflection for Secure IT uses this domain name for external users and groups.
- For Group, enter Administrators.
The Administrators group is the only default group in the User Manager, and the default admin user is a member of this group. This procedure uses this default group for testing. Once you have finished testing, you'll want to configure your own groups and group members in the User Manager.
- In the left portion of the Group Configuration dialog box, click SFTP Directories.
- Click Add. This opens the Accessible Directory Settings dialog box. You'll use it to add access to a new folder that will be accessible to members of the Administrators group.
- For Virtual Directory, enter AdminTest.
- Click Browse and select any available local folder. It will be entered into Local or UNC directory. (For example C:\Test.)
- Click OK.
- Change User login directory to /. (You have added a second accessible directory and this change means that users in this subconfiguration will see all available directories when they log in.)
You'll see a warning about changing the user key directory. Because you are using password authentication for users, the warning doesn't apply to this test and you can click Yes to proceed.
- Click OK to close the Group Configuration dialog box.
- Save your settings (File > Save Settings).
Connect to the Transfer Client as a member of the Administrators group
- From the user workstation, log onto the Transfer Client using the default admin account.
- The Server file list shows two directories. The first directory (Test) is the directory on the document depot that you made available to all users. The second directory (AdminTest) is the directory on the Web Edition server that you made available to members of the Administrators group.
Note: If you've followed the procedures in this guide, these directories are on two different servers. Test is on the document depot and AdminTest is on the Web Edition server. These actual server locations are not apparent to the external user.
- Log out of the Transfer Client and log in again using your test user credentials to confirm that this user logs directly into the Test directory. You can browse up to the parent directory and confirm that this user has no view of the AdminTest directory.