Set Transfer Permissions for a User Group

You can create customized transfer settings for individual users and for user groups. In this procedure you'll modify your Reflection for Secure IT Server settings to allow additional file access to members of the default "Administrators" group.

Note: The Administrators group used here is the only default group in the User Manager, and the default admin user is a member of this group. This procedure uses this default group for testing. Once you finish testing, you'll want to configure group access using your own groups. These can be groups you create in User Manager, or groups in any LDAP directory you add to User Manager.

Before you begin

Create a subconfiguration for members of the User Manager Administrators group

  1. On the Web Edition server, start the Reflection for Secure IT Server console. (Start > All Programs > Attachmate Reflection > Reflection SSH Server Configuration.)
  2. On the left panel, under Subconfiguration, click Group Configuration.
  3. Click Add. This opens the Group Configuration dialog box.
  4. Set Group type to Domain.
  5. For Domain, enter Reflection.

    Use Reflection as the domain name for users or groups in the built-in User Manager directory. After you add additional LDAP directories to User Manager, you can also specify those domain names here.

    Note: If you use groups from an added LDAP server, confirm that the domain name you specify here exactly matches the domain name specified in User Manager. (In User Manager, go to LDAP Server, select your server, click Edit and check the value entered for Domain Name.)

  6. For Group, enter Administrators.
  7. In the left portion of the Group Configuration dialog box, click SFTP Directories.
  8. Click Add. This opens the Accessible Directory Settings dialog box. You'll use it to add access to a new folder that will be accessible to members of the Administrators group.
    • For Virtual Directory, enter AdminTest.
    • Click Browse and select any available local folder. The path is entered into Local or UNC directory. (For example, C:\Samples.)
    • Click OK to close the Accessible Directory Settings dialog box and return to the group configuration SFTP Directories page.
  9. Use the drop-down list under User login directory to select /. (Because you added a second accessible directory, this change means that users in this subconfiguration will see all available directories when they log in.)

    You'll see a warning about changing the user key directory. Because you are using password authentication for users, the warning doesn't apply to this test and you can click Yes to proceed.

  10. Click OK to close the Group Configuration dialog box.
  11. Save your settings (File > Save Settings).

Connect to the Transfer Client as a member of the Administrators group

  1. From the user workstation, log on to the Transfer Client using the default admin account.
  2. The Server file list shows two directories. In the image below, the first directory (AdminTest) is the directory on the Web Edition server that is available only to members of the Administrators group. The second directory (Test) is the directory on the back end file server that is available to all users.

    [Image: webedition_admin_view.png, the Transfer Client Server file list showing the AdminTest and Test directories]

    Note: If you've followed the procedures in this guide, these directories are on two different servers. The AdminTest directory is on the Web Edition server. The Test directory is on the back end file server. These actual server locations are not apparent to the Web Edition user.

  3. Log out of the Transfer Client and log in again using your test user credentials to confirm that this user logs directly into the Test directory. You can browse up to the parent directory and confirm that this user has no view of the AdminTest directory.