Features in Users, Roles, Groups, and Templates
This topic provides information about specific features you can use to configure advanced settings for users, roles, groups, and templates in ActiveTransfer.
Restrictions for a User, Role, or Group
You can define the following restrictions for a user, role, or group:
Restrict server availability to specified times and days of the week.
Restrict particular actions for files that match a specified pattern and restrict access to subfolders in a folder structure that match a specified pattern.
Restrict login volume and duration and specify authentication settings.
Restrict connections by protocol or IP address and specify default character encoding.
These settings will override any restrictions set in the template associated with the user, role, or group.
Restrictions for Authentication and Login
You can set authentication and login restrictions that specify the maximum number of users who can log in simultaneously, the maximum login and idle times per session, public key and password requirements, and the paths to trusted public SSH key files.
Restrictions for Files
You can restrict particular actions for files that match a specified pattern. For example, you can restrict users from uploading files that end with .exe. You can also restrict access to subfolders in the file system that match a specified pattern.
Restrictions for Connections
You can restrict connections to ActiveTransfer Server or an ActiveTransfer Gateway instance by choosing the protocols or client IP addresses for access. You can also specify the default character encoding for the connection between the user and ActiveTransfer Server.
Active Time Window
You can specify the days of the week and the time during which users can connect to ActiveTransfer Server.
Note: The days and times are represented in the time zone of the ActiveTransfer Server.
Encryption and Decryption
You can define specific file-based encryption and decryption PGP keys for users, roles, and groups. These settings will override any encryption assignments set in the template associated with the user, role, or group.
When encrypted, files are stored on the user’s drive. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them. When encryption and decryption keys are configured at multiple levels (user, server, and folder), ActiveTransfer enforces the following order of preference:
1. Users
2. Folders
3. Servers
For example, if user A accesses port 10 and uploads a file in a VFS MN, then ActiveTransfer checks if the encryption or decryption key is available for user A. If no key is available at the user level, then ActiveTransfer checks the folder settings for a key. If no key is present at the VFS level, then ActiveTransfer checks the server-level settings for the key.
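The lookup order above can be modelled to audit a planned key layout before it is configured. This is an added example, not ActiveTransfer code or its API: the configuration layout, the key identifiers, and userB are constructed assumptions, and each level is assumed to hold one identifier standing for its encryption/decryption key pair.

```python
from itertools import product

# Precedence stated in the documentation: user, then folder (VFS), then server.
LEVELS = ("user", "folder", "server")


def resolve_key(user, folder, server, config):
    """Return (level, key_id) of the first configured key, or (None, None)."""
    names = dict(zip(LEVELS, (user, folder, server)))
    for level in LEVELS:
        key = config.get(level, {}).get(names[level])
        if key:
            return level, key
    return None, None


def audit(users, folder, server, config):
    """Report each user's effective key for one folder and flag two conditions:
    no key at any level, and uploader/downloader pairs that resolve to
    different keys (files are decrypted only with the key that encrypted them)."""
    effective = {u: resolve_key(u, folder, server, config) for u in users}
    findings = [("no-key", u, None) for u, (_, k) in effective.items() if k is None]
    for up, down in product(users, repeat=2):
        k_up, k_down = effective[up][1], effective[down][1]
        if up != down and k_up and k_up != k_down:
            findings.append(("key-mismatch", up, down))
    return effective, findings


# Constructed sample layout; key identifiers are placeholders, not real keys.
CONFIG = {
    "user": {"userA": "pgp-key-userA"},
    "folder": {"MN": "pgp-key-folder-MN"},
    "server": {"port10": "pgp-key-server"},
}

if __name__ == "__main__":
    effective, findings = audit(["userA", "userB"], "MN", "port10", CONFIG)
    for user, (level, key) in effective.items():
        print(f"{user}: level={level} key={key}")
    for finding in findings:
        print(finding)
```

In this layout userA resolves to the user-level key and userB to the folder key, so a file one of them uploads to MN would not be decrypted when the other transfers it back.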
File-based Encryption for Templates
You can define specific file-based encryption and decryption PGP keys for users assigned to a template. When files are encrypted, they are stored on a user’s drive in a format that cannot be read outside of ActiveTransfer. Encrypted files are decrypted only if they are transferred back through ActiveTransfer using the same key that was used to encrypt them.
Note: You must obtain the appropriate keystores and ensure that these keystore files reside on the machines that host the ActiveTransfer Server or ActiveTransfer Gateway on which you perform these configuration tasks.
You can override the template-level encryption and decryption options for a specific user.
Acceleration Options for Users
ActiveTransfer allows accelerated data transfer, also known as acceleration. For more information about acceleration, see Acceleration.
The acceleration settings you specify in the following procedure will override any acceleration settings set in the template associated with the user. You can apply the same settings to roles and groups.