iFileshare Security

Security within iFileshare, either in single mode or working as a high availability group, is provided through the standard Enterprise Server facilities.

Micro Focus recommends that you use an ESM (External Security Manager) to control access to the files within iFileshare.

Native Enterprise Server work running on the iFileshare primary server is authorized in the SEPs and no further security checking is done. For external clients (Enterprise Server SEPs or standalone processes), the user ID and password combination is validated at sign-on, and the ID is checked for authorization to access files on the iFileshare primary server. If you are not using an ESM, authorization is assumed when the user ID/password is validated; otherwise, the ESM controls user authorization.

The following is a sample ESM configuration:

# Sample security definitions for Integrated Fileshare

####################
# Default IFS User #
####################
dn: CN=IFSUSER,CN=Enterprise Server Users,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: microfocus-MFDS-User
microfocus-MFDS-UID: mfuid
microfocus-MFDS-User-MTO-Priority: 0
microfocus-MFDS-User-MTO-Timeout: 0
microfocus-MFDS-User-MTO-OperatorClass: 0
microfocus-MFDS-User-AllowLogon: TRUE
microfocus-MFDS-User-DefaultGroup: ALLUSER
description: Default IFS user


###################
# ES Class = SIFS #
###################
dn: CN=SIFS,CN=Enterprise Server Resources,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: top
objectClass: container
description: Integrated Fileshare SIGNON


###############################
# Integrated Fileshare SIGNON #
###############################
dn: CN=ESDEMO,CN=SIFS,CN=Enterprise Server Resources,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: microfocus-MFDS-Resource
microfocus-MFDS-Resource-Class: SIFS
microfocus-MFDS-Resource-ACE: allow:SYSADM group:execute
microfocus-MFDS-Resource-ACE: allow:ALLUSER group:execute
microfocus-MFDS-Resource-ACE: deny:*:execute
microfocus-MFDS-UID: mfuid
description: Give sysadmin, normal, and anonymous users access to IFS