Restrict Access using Permissions Manager

You can use the InfoConnect Permissions Manager to restrict access to InfoConnect features. After you select the features you want to disable using this tool, your specifications are saved in *.access files that you can deploy to users. You can run Permissions Manager directly, or by launching it from the Installation Customization Tool.

Access file templates installed to InfoConnect program folder The default on English language systems is C:\Program Files (x86)\Micro Focus\InfoConnect on 64-bit systems and C:\Program Files\Micro Focus\InfoConnect on 32-bit systems. \Configuration. The list of available templates depends on which InfoConnect product you have installed.

This File

Controls access to…

actions.access

InfoConnect actions

application.access

InfoConnect Workspace settings

ialc.access

ALC terminal settings

it27.access

T27 terminal settings

iuts.access

UTS terminal settings

rd3x.access

3270 terminal settings

rd5x.access

5250 terminal settings

rdox.access

VT terminal settings

To set access with Permissions Manager

  1. On a workstation to which you have installed InfoConnect, log on as administrator and in the InfoConnect install folder, run AccessConfig.exe.

  2. When prompted to create a new permission file, or edit an existing one, choose Create new permission file.

  3. When prompted with a list of access file templates, choose the type of permission file to create.

  4. Under Groups, select the type of setting to control access to.

  5. In the Items box, in the Accessibility field set the security level you want for the selected feature.

    Full - All users can configure the item.

    Restricted - Only Administrators of the system can configure the item. These items have the Windows user access shield added to their icons:

    Read-only - No users of the system can configure this item. These items appear grayed-out in the user interface.

  6. If you are configuring terminal session access you will see a pane with Additional security options. Select how to control session file encryption.

  7. Deploy the customized *.access files.

Deploying Permissions Manager access files

To deploy user-specific access settings, install your customized *.access file(s) to the InfoConnect user application data folder The default is \Users\username\AppData\Roaming\Micro Focus\InfoConnect\Desktop\version. . User-specific deployment is available for all *.access files. You can use the Installation Customization Tool to create a companion package to install these files. See Create a Companion Package to Install Customized Settings Files.

You can install some access configuration (actions and Workspace settings) for all users of the system. To do this install actions.access and/or application.access file(s) to the InfoConnect global application data folder Settings here apply to all users of the system. The location is version-specific: \ProgramData\Micro Focus\InfoConnect\Desktop\version. . Settings files in this location are copied to the user application data folder when the user opens the Workspace. To make these changes from the Installation Customization Tool you can use the Modify User Settings feature. When you use this approach, the tool automatically determines the correct location to install the required files. See Use “Modify User Settings” to Change Access Settings.

NOTE:

  • Be sure to set file permissions on *.access files that you deploy to prevent users from deleting, replacing, or editing them.

  • To deploy files to the version folder, your deployment tool must allow you to install the companion installer package as the user.

  • Setting session encryption options in an *.access file affects only the associated session type. For example, limiting users to opening only encrypted session files in rd3x.access only affects 3270 terminal session files, and not 5250 session files.

  • When accessing a setting via an API, such as executing a macro, a setting with restricted access cannot be modified. (When attempting to set a restricted setting via an API, an error is logged.)