Groups and their role in regulatory compliance - Part 2

Posted by John V. on Tue, Apr 10, 2012 @ 10:04 AM

Let's now see the groups we talked about in Part 1 in action. You might want to review the group memberships listed toward the end of Part 1 to see which users belong to which group.

Ready? Let's begin.

At the start of the day, Joey logs in to his company's MFT server using AnyClient and uploads to his home directory a file named "payroll02.doc". 

 

He then navigates to the "allgroups" directory and uploads a file named "Spreadsheet risk issues.doc".

 

Later on, Maria logs in to the same managed file transfer server using her own copy of AnyClient. She doesn't see "payroll02.doc" because that file was stored in Joey's home directory.

 

She proceeds to the "allgroups" directory, where she sees the file "Spreadsheet risk issues.doc". Intrigued by the name of the file, she attempts to download it. Unfortunately, the server denies the request. Remember that, like Joey, Maria belongs to the Uploader Staff group and members of that group are not allowed to download anything from this path. 

 

From his office many miles away, Steven logs in to the same server. Like Maria, he doesn't see Joey's "payroll02.doc" but sees "Spreadsheet risk issues.doc" in the "allgroups" directory. 

But unlike Maria, when Steven tries to download the file, the managed file transfer server grants the request.

 

Steven opens, reviews, and edits his newly downloaded copy of the "Spreadsheet risk issues.doc" file. He thinks of replacing the copy on the server with his own edited copy. But when he tries to delete the copy stored in the "allgroups" directory, his request is denied. 

 

Unperturbed, he renames his edited copy to "Spreadsheet risk issues v2.doc" and tries to upload the file instead. That request is denied as well.

 

He then asks his buddy, Doug, to come over to his workstation and perform the upload for him. Doug logs in using his own user credentials. But since he too is a member of the Downloader Staff group, his attempt to upload to the same path fails as well.

 

Later in the evening, someone from the company logs in to the managed file transfer server, navigates to the "allgroups" directory, and downloads the "Spreadsheet risk issues.doc" file.

 

That person then makes changes to the contents of the file, deletes the original copy on the server, and replaces it with the edited copy.

 

How is it that this person is able to download, delete, and upload files to the "allgroups" directory? Because this person is Danika and she belongs to the Super Staff group. 

Did you notice the many security implications in those very simple scenarios? Groups can help you enforce stronger security, but it's up to you to plan your groupings carefully so that this feature actually enhances security.

Building those groups in JSCAPE MFT Server

Now, I would like to show you how I created those groups, assigned users to them, and set each group's permissions. 

To create the Uploader Staff group, I launched my JSCAPE MFT Server Manager and then opened the Groups section. Once there, I clicked the Add button. 

 

I was then brought to the Add Group dialog box, where I entered the name of the group, the virtual path of the group, and its real path. When I was done entering, I clicked OK.

 

I followed the same process to create the other two groups.

 

Notice how I made the Path and Real Path entries the same for all three groups. That's because, in this particular scenario, we wanted our groups to share the same directory but have different permissions to it. It doesn't have to be that way with your other groups. Different groups can have different paths and real paths. 

Here are all three groups as seen from the main screen.

 

Having already created all three groups, I set out to assign permissions to them. I started by selecting the Uploader Staff from the list of groups and then clicking Edit.

 

I then selected the path and clicked Edit.

 

Once I got to the Edit Virtual Path dialog box, I clicked the Permissions button to start assigning permissions to this particular group path. In case you're wondering, a group can have multiple paths and each path can have its own set of permissions.

 

For this particular group, I checked all permissions except Download file.

 

I then clicked each OK button on every dialog box / screen I encountered until I got back to the main screen. I followed the same process for the Downloader Staff group. However, when I got to the part of actually setting permissions, I checked Download file and unchecked some permissions (see screenshot below).

 

[Screenshot: setting limited permissions]

 

Again, I went through the same process for the Super Staff group until I got to the Virtual Path Permissions dialog box. This time, I checked all permissions. 

 

After setting permissions for all three groups, my next task was to assign user accounts to each one of them. I started with the Uploader Staff group by selecting it and then clicking the Users button.

 

On the Setup 'Uploader Staff' Users dialog box (where 'Uploader Staff' will be replaced with the name of the group you selected), I assigned members to the group. To do that, I ticked the check box beside the name 'joey' and then did the same for 'maria'.

 

I followed the same steps for the two remaining groups. As planned, Steven and Doug went to Downloader Staff, while Danika went to Super Staff.

That's all there was to it. And that's how you build groups in JSCAPE MFT Server.
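The group design above can be modelled outside the server to confirm the scenario outcomes and to catch membership drift that would undo the separation between uploaders and downloaders. This Python sketch is an added example, not JSCAPE code or its API. The permission labels other than "download", the rule that a user in several groups gets the union of their permissions, and all function names are assumptions made for illustration.

```python
# Added example: a model of the three groups on the shared "allgroups" path.
# Permission labels are simplified assumptions; only "Download file" is named on the page.
ALL = frozenset({"list", "upload", "download", "delete"})

GROUP_PERMS = {
    "Uploader Staff": ALL - {"download"},                 # all except Download file
    "Downloader Staff": frozenset({"list", "download"}),  # inferred from the scenarios
    "Super Staff": ALL,
}
MEMBERS = {
    "Uploader Staff": {"joey", "maria"},
    "Downloader Staff": {"steven", "doug"},
    "Super Staff": {"danika"},
}

def groups_of(user, members=MEMBERS):
    """Sorted names of every group the user belongs to."""
    return sorted(g for g, users in members.items() if user in users)

def effective(user, members=MEMBERS):
    """Union of permissions across the user's groups (assumed merge rule)."""
    perms = set()
    for group in groups_of(user, members):
        perms |= GROUP_PERMS[group]
    return perms

def allowed(user, action, members=MEMBERS):
    """Would this user's request on "allgroups" be granted in the model?"""
    return action in effective(user, members)

def can_replace(user, members=MEMBERS):
    """True if the user can download, delete and re-upload a file unaided."""
    return {"download", "delete", "upload"} <= effective(user, members)

def audit(members=MEMBERS, approved=("Super Staff",)):
    """Users who can replace a file alone without being in an approved group."""
    findings = []
    for user in sorted(set().union(*members.values())):
        groups = groups_of(user, members)
        if can_replace(user, members) and not set(groups) & set(approved):
            findings.append((user, groups))
    return findings

if __name__ == "__main__":
    for user, action in [("maria", "download"), ("steven", "download"),
                         ("steven", "delete"), ("doug", "upload")]:
        print(user, action, "granted" if allowed(user, action) else "denied")
    print("audit findings:", audit())
```

Running `audit()` against an export of real group memberships after each change flags any account that has quietly gained the full download, delete, and upload cycle.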

 

Summary

In this two-part series, we talked about JSCAPE MFT Server groups, how they can be used for regulatory compliance, and how to actually create them.
