Specify Access Using Permissions Manager
To prevent a user from changing a setting, you set the permission level for that setting or control to "Restricted." When a setting is restricted, administrative access is required to change the setting. For example, you could restrict the user's ability to modify security settings.
You can lock down access by running Permissions Manager (without using the Installation Customization Tool) to edit .access
files. If you use this approach, be sure to deploy the customized .access
files to the correct directory.
note
Important: Be sure to set file access rights on .access
files that you deploy to prevent users from deleting, replacing, or editing them.
To set access with Permissions Manager
-
On a workstation on which you have installed Reflection, log on as administrator and in the Reflection Desktop install folder, run
AccessConfig.exe
. -
When prompted to create a new permission file, or edit an existing one, choose Create new permission file.
-
When prompted with a list of access file templates, choose the type of permission file to create.
-
Under Groups, select the type of setting to control access to (for example, the Document\Connection\TN3270Basic group).
-
In the Items box, in the Accessibility field for the item (or items) you want to restrict, click Full and then select Restricted from the drop down menu.
-
If you are configuring
rd3x.access
,rd5x.access
, orrdox.access
files, under Additional security options, select how to control session file encryption:To do this Select Configure all sessions so that users can open only encrypted display session files. User can open only encrypted session files Configure all sessions so that users can save a display session only if it is encrypted. User can save only encrypted session files -
Be sure to deploy the
.access
files to the correct directory as shown in Package Sessions and Custom Settings Files:To deploy settings that are user-specific, deploy the
.access
files to:[AppDataFolder\]\Micro Focus\Reflection\Desktop\v18.0SP2
.where
[AppDataFolder]
is the full path of the Roaming folder for the current user. The default isC:\Users\username\AppData\Roaming\
.To deploy settings for all users of a machine, deploy the
.access
files to:[CommonAppDataFolder]\Micro Focus\Reflection\Desktop\v18.0SP2
.where
[CommonAppDataFolder]
is the full path to application data for all users. The default isC:\ProgramData
.note
Only
actions.access
,application.access
, andsecurity.access
files can be deployed to all users.
important
-
To deploy files to the [AppDataFolder]folder, your deployment tool must allow you to install the companion installer package as the user.
-
Setting session encryption options in an
.access
file affects only the associated session type. For example, limiting users to opening only encrypted session files inrd3x.access
affects only 3270 terminal session files, and not 5250 session files. -
When accessing a setting via an API, such as executing a macro, a setting with restricted access cannot be modified. (When attempting to set a restricted setting via an API, an error is logged.)