Protect Data and Information Privacy

Use the Trust Center to protect your working environment from information theft, and your data from potential damage caused by opening documents from non-trusted sources.

What do you want to do?

See

Define locations from which you can safely open (and store) documents.

Configure Trusted Locations

Mask sensitive data (such as credit card numbers) with privacy filters.

Configure Information Privacy

Control access to the Reflection API and control the execution of actions invoked by a macro or API call.

Configure API and Macro Security

Configure Trusted Locations

A trusted location is a directory that is designated as a secure source for opening files. By default, InfoConnect allows users to open documents only in directories specified as trusted locations. The default trusted locations are the InfoConnect program directory, the user’s personal documents directory, and the InfoConnect user application data folder The default is \Users\username\AppData\Roaming\Micro Focus\InfoConnect\Desktop\version. .

To change the default trusted locations

  1. Open the InfoConnect Workspace Settings dialog box.

  2. Click Specify Trusted Locations.

    This opens the Specify Trusted Locations dialog box, which you can use to add additional trusted locations.

  3. Edit the trusted locations list and click OK. Changes you make using this dialog box are saved to the Application.settings file.

  4. Deploy the modified Application.settings file.

Configure Information Privacy

With InfoConnect Information Privacy, you can protect sensitive data such as credit card Primary Account Numbers (PANs), phone numbers, and US Social Security numbers. Information Privacy allows you to configure InfoConnect so that the sensitive data is not displayed on the screen or in productivity features, such as Screen History. It also allows you to require secure connections.

To set up Information Privacy using Workspace Settings

  1. Start the InfoConnect Workspace and open the Workspace Settings dialog box.

  2. Under Trust Center, click Set Up Information Privacy.

  3. Configure Information Privacy features to protect sensitive data so that it is not displayed on the screen or in productivity features, such as Screen History.

    If you need to...

    Do this...

    Redact certain patterns of data that are outside the realm of credit card formats (e.g., US Social Security numbers).

    Set up Privacy Filter Redaction Rules and Privacy Filters.

    Redact credit card Primary Account Numbers (PANs) to meet PCI DSS requirements.

    PCI DSS (Payment Card Industry Data Security Standard) is a worldwide standard comprising technology requirements and process requirements designed to prevent fraud and is published by PCI Security Standards Council, LLC (https://www.pcisecuritystandards.org/). All companies who handle credit cards are likely to be subject to this standard.

    Set up Primary Account Number (PAN) Redaction Rules and Primary Account Number (PAN) Detection Rules.

    Require secure connections (as may be required for PCI DSS compliance).

    Set up PCI DSS Rules.

  4. When you have finished configuring Information Privacy, click OK.

    Edits to privacy filters are saved to PrivacyFilters.xml. All other Set Up Information Privacy settings are saved to PCIDSS.settings. These files are saved to the same location as the Application.settings file and deployed in the same way.

  5. Deploy the modified files.

To set up Information Privacy with Group Policy

  1. Copy the following files to the central store as follows:

  2. Open the Group Policy Object Editor (gpedit.msc).

  3. Under either the Computer Configuration or User Configuration branch, browse to Administrative Templates | Reflection Workspace | Information Privacy.

  4. In the Information Privacy panel, select and edit the policy settings.

NOTE:If you want to include the default regular expressions used for Custom Detection Rules and Custom Exception Expressions, you must add these expressions through the Group Policy editor. For detailed instructions, see Technical Note 2576: Adding Regular Expressions for Custom Detection Rules and Custom Exception Expressions to Group Policy.

Configure API and Macro Security

Settings limiting API and macro functionality are available from the Workspace Settings dialog box.

To set up API and macro and security

  1. Start the InfoConnect Workspace and open the Workspace Settings dialog box.

  2. Under Trust Center, click Set Up API and Macro Security.

  3. Configure the API settings as follows:

    To

    Select

    Prevent custom applications from accessing this installation.

    Disable .Net API

    Determine if legacy macros are supported, and to determine which legacy API has preference for the GetObject() method used to retrieve API COM objects. (Reflection supports multiple APIs, but can accept GetObject() calls for only one type of legacy API object at a time.)

    Legacy API preference

  4. Under Action Permissions, specify what you want to happen if an action that has been restricted through Group Policy or the Permissions Manager is initiated through a macro or API call.

    To

    Select

    Control restricted actions with User Account Control (UAC).

    Require elevated rights; do not execute on XP

    Run restricted actions that are initiated through a macro or API call as expected. The same actions won't run if they are initiated through the user interface.

    Execute the action

  5. When you have finished configuring the API and macro security settings, click OK. Changes you make using this dialog box are saved to the Application.settings file.

  6. Deploy the modified Application.settings file.