NetFile
46 Portal Server 6 2005Q1 • Deployment Planning Guide
Access Control
NetFile provides various means of file system access control. You can deny access
to users to a particular file system based on the protocol. For example, you can
deny a particular user, role, or organization access to file systems that are accessible
only over NFS.
You can configure NetFile to allow or deny access to file systems at any level, from
organization, to suborganization, to user. You can also allow or deny access to
specific servers. Access can be allowed or denied to file systems for users
depending on the type of host, including Windows, FTP, NFS, and FTP over
NetWare. For example, you can deny access for Windows hosts to all users of an
organization. You can also specify a set of common hosts at an organization or role
level, so that all users in that organization or role can access the common hosts
without having to add them for each and every member of the organization or role.
As part of the NetFile service, you can configure the Allowed URLs or Denied
URLs lists to allow or deny access to servers at the organization, role, or user level.
The Denied URLs list takes precedence over the Allowed URLs. The Allowed URLs
and Denied URLs lists can contain the * wildcard to allow or deny access to a set of
servers under a single domain or subdomain.
Security
When you use NetFile with SRA configured for SSL, all connections made from
NetFile applets to the underlying file system happen over the SSL connection
established between the Gateway and the browser. Because you typically install
the Gateway in a DMZ, and open a limited number of ports (usually only one) in
the second firewall, you do not compromise security while providing access to the
file systems.
Special Operations
NetFile is much like a typical file manager application with a set of features that are
appropriate for a remote file manager application. NetFile enables users to upload
and download files between the local and remote file systems (shares). You can
limit the size of the upload file (from the local to the remote file system) through
the Access Manager administration console.