Parameter Settings
The following table shows the parameter settings for the fileAccessControl.cnf file:
Parameter | Description |
allowedReadPaths | List of directories and/or files to which the services in the pub.file folder have read permission. |
allowedWritePaths | List of directories and/or files to which the services in the pub.file folder and the pub.flow:savePipelineToFile service have write permission. |
allowedDeletePaths | List of directories and/or files that the services in the pub.file folder can delete. |
When modifying the parameters in the fileAccessControl.cnf file, keep the following points in mind:
The parameters can be set to file names and/or directories.
If a file name is listed, access is allowed to that file only.
For example, the following entry will allow the services in pub.file folder to write the file c:/wm8/test.txt.
allowedWritePaths=C:/wm8/test.txt
If a directory name is listed, access is allowed to all files in that directory, but not to the subdirectories.
For example, the following entry will allow the services in pub.file folder to write to any file in the c:/wm8/test directory.
allowedWritePaths=C:/wm8/test
Use a semicolon (;) as the delimiter when listing multiple paths. Do
not include spaces between paths. For example:
allowedWritePaths=C:/wm8/test;C:/wm8/test.txt
If a file or directory name has a semicolon (;), use two backslashes (\\) before the semicolon when specifying the allowed paths. For example, if the filename is: c:/temp/ab;c.txt
Specify it as: c:/temp/ab\\;c.txt
Note: | When using a pathname with a semicolon as the value for an input parameter in a pub.file service, you do not need to include two backslashes before the semicolon. |
You can use the wildcard character asterisk (*) to match multiple folders, subfolders, and files.
A single asterisk (*) wildcard can be used to denote single directory names.
For example, the following entry will allow the services in pub.file folder to write to all the .log files in the subdirectories whose names starts with 'fatal' in the c:/home/ directory:
allowedWritePaths=C:/home/fatal*/*.log
Double asterisks (**) can be used to denote multiple files and subfolders in a folder.
For example, the following entry will allow the services in pub.file folder to write to all files in all the subdirectories of c:/home directory:
allowedWritePaths=C:/home/**
The asterisk (*) is the only wildcard character that you can use. All other characters are treated as literals.
You cannot use a wildcard character to match any files in the root directory.
Integration Server ignores the entries that use asterisks to match a file in the root directory.
For example, Integration Server will ignore the following entry:
allowedWritePaths = **
UNIX-based operating systems are case-sensitive. When specifying paths for the parameters in fileAccessControl.cnf, make sure to use the appropriate case in the path names. Any path name supplied to input parameters for the
pub.file services must match the case specified in the fileAcceessControl.cnf parameters.
If
Integration Server runs on Windows, you can use either a forward slash (/) or two backslashes (\\) as the directory separator in paths specified in the fileAccessControl.cnf. When specifying values for input parameters for the
pub.file services, you can specify a single forward slash, a single backslash, or a double backslash as the directory separator.
If
Integration Server runs on a UNIX-based operating system, you must use a forward slash as the directory separator.