8.1 Control Access to Settings and Controls with Reflection Administrative Tools

To prevent a user from changing a setting, you set the permission level for that setting or control to “Restricted.” When a setting is restricted, administrative access is required to change the setting. For example, you could restrict the user’s ability to modify security settings.

NOTE:You can restrict access to Reflection controls only on systems on which the Windows User Access Control (UAC) is enabled. If the UAC is disabled, the configuration settings that restrict access do not apply.

The following access file templates are distributed with Reflection Desktop:

This File

Controls access to…

actions.access

Actions (for example, Auto Complete)

application.access

Reflection workspace settings

rd3x.access

3270 terminal settings

rd5x.access

5250 terminal settings

rdox.access

VT terminal settings

security.access

TLS and PKI settings

Individual permissions are merged in the following order (from highest to lowest):

  • Group Policy – user

  • Group Policy – machine

  • Local permissions file (.access)

Deploying local permissions (.access) files

Use the Reflection Permissions Manager tool to set local permissions and save them in .access files that you can deploy.

You can deploy user-specific access settings for any type of .access files. To deploy user-specific files, install the .access files to [AppDataFolder] The full path of the Roaming folder for the current user. The default is C:\Users\username\AppData\Roaming\. \Micro Focus\Reflection\Desktop\v17.0.

You can install some types of access configuration ( actions.access, application.access, and security.access files) for all users of the system. To deploy these settings for all users, install these files in [CommonAppDataFolder] The full path to application data for all users. The default is C:\ProgramData. \Micro Focus\Reflection\Desktop\v17.0.

NOTE:Settings files in the [CommonAppDataFolder] The full path to application data for all users. The default is C:\ProgramData. location are copied to the [AppDataFolder] The full path of the Roaming folder for the current user. The default is C:\Users\username\AppData\Roaming\. location when the user opens the Workspace.

You can set permissions and create .access files by using the Permissions Manager with or without the Installation Customization Tool. When you use Permissions Manager with this tool, the tool automatically determines the correct location in which to install the required files. When you open Permissions manager and create .access files outside of this tool, you’ll need to be sure the files are installed in the correct directory.