EasyManua.ls Logo

IBM Aspera HST

IBM Aspera HST
353 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
| Appendix | 339
2.
Restrict Aspera transfer users to a limited part of the server's file system or bucket in object storage.
a) For on-premises servers, set a default docroot to an empty folder, then set a docroot for each user:
# asconfigurator -x "set_node_data;absolute,docroot"
# asconfigurator -x "set_user_data;user_name,username;absolute,docroot"
Replace username with the username and docroot with the directory path to which the user should have access.
b) For cloud-based servers, set a default restriction to an empty folder, then set a restriction for each user:
# asconfigurator -x "set_node_data;file_restriction,|storage_path"
# asconfigurator -x
"set_user_data;user_name,username;file_restriction,|storage_path"
Replace username with the username and storage_path with the path to which the user has access. Restriction
syntax is specific to the storage:
Storage Type Format Example
local storage file:////*
S3 and IBM Cloud Object Storage s3://*
Swift storage swift//*
Azure storage azu://*
Azure Files azure-files://*
Google Cloud Storage gs://*
Hadoop (HDFS) hdfs://*
The "|" is a delimiter, and you can add additional restrictions. For example, to restrict the system user xfer
to s3://s3.amazonaws.com/bucket_xyz/folder_a/* and not allow access to key files, run the
following command:
# asconfigurator -x "set_user_data;user_name,xfer;file_restriction,|
s3://s3.amazonaws.com/bucket_xyz/folder_a/*|!*.key"
3.
Restrict users' read, write, and browse permissions.
Users are given read, write, and browse permissions to their docroot by default. Change the global default to deny
these permissions:
# asconfigurator -x
"set_node_data;read_allowed,false;write_allowed,false;dir_allowed,false"
Run the following commands to enable permissions per user, as required:
# asconfigurator -x "set_user_data;user_name,username;read_allowed,false"
# asconfigurator -x "set_user_data;user_name,username;write_allowed,false"
# asconfigurator -x "set_user_data;user_name,username;dir_allowed,false"
4.
Limit transfer permissions to certain users.
Set the default transfer permissions for all users to deny:
# asconfigurator -x "set_node_data;authorization_transfer_in_value,deny"
# asconfigurator -x "set_node_data;authorization_transfer_out_value,deny"

Table of Contents

Related product manuals