Limiting Server Directory Access

You can browse the Spectrum Technology Platform server's folders when performing tasks that require them to select a file. For example, users can browse the server when selecting an input or output file in a source or sink stage in Spectrum Enterprise Designer.

As an administrator, you may want to restrict access so that sensitive portions of the server cannot be browsed or modified.

One way to prevent access to the server's file system by making sure that users do not have the Platform security permission Security - Directory Paths. This prevents access to all folders on the server. You can also prevent access to some folders on the server while allowing access to others. When you grant limited access, the folders you allow access to appear as the top-level folders in users' file browse windows. For example, if you allow users to only access a folder on the server named WestRegionCustomers, when users browse the server they would only see that folder, as shown here:

There are two situations where users can view the server's entire file system even if you have granted only limited access:
  • When browsing for a database file while creating a Spectrum database in Spectrum Management Console
  • When browsing for a JDBC driver file while creating a driver in Spectrum Management Console
To prevent users from browsing the server's entire file system, use roles to limit the user's access to Spectrum databases and JDBC drivers.

To provide access to some folders on the server while restricting access to others, follow this procedure.

  1. Open Spectrum Management Console.
  2. Go to System > Security.
  3. Click Directory Access.
  4. Set the Limit access to server directories switch to On.
  5. Click the Add button .
  6. In the Name field, give a meaningful name for the folder to which you are granting access.

    The name you provide here appears as the root name of the directory to users when browsing the server. In the example shown at the beginning of this topic, the name given to the accessible directory is WestRegionCustomers.

  7. In the Path field, specify the folder to which you want to grant access. Users will be able to access all file and subfolders contained in the folder you specify.
  8. Click Save.
  9. If you want to grant access to additional folders, repeat the previous steps as needed.
Users now have access only to the folders you have specified. Note that users must have the Platform security permission Security - Directory Paths in order to access server directories.
Note: If there are any dataflows that had previously accessed files that are no longer available because of file browsing restrictions, those dataflows will fail.