Managing Users and Templates

Configure user profile restrictions by using pre-defined or customized template settings.

Users

Users can connect to listeners exposed in IBM webMethods Managed File Transfer to do file operations in Virtual Folders. After you create a user, the user needs to be added to the Virtual Folder with the right access privileges.

Types of Users in IBM webMethods Managed File Transfer

IBM webMethods iPaaS Users

Administrators and users within your organization must create a user profile on IBM webMethods iPaaS. IBM webMethods iPaaS users have the ability to access and collaborate on IBM webMethods Managed File Transfer using their designated permissions.

Partner Users

A partner user is an entity authorized to send and receive files in IBM webMethods Managed File Transfer.

Features of a Partner User

This topic provides information about specific features that can be configured for users and templates in IBM webMethods Managed File Transfer.

Restrictions for a Partner User

Define the following restrictions for a user:

These settings override any restrictions set in the template associated with the user.

Restrictions for Authentication and Login

Specify the maximum number of users who can log in simultaneously, the maximum login and idle times per session, public key and password requirements, and the paths to trusted public SSH key files.

Restrictions for Files

Restrict particular actions for files that match a specified pattern. For example, restrict users from uploading files that end with .exe. Also restrict access to subfolders in the file system that match a specified pattern.

Restrictions for Connections

Specify the default character encoding for the connection between the user and IBM webMethods Managed File Transfer.

Active Time Window

Specify the days of the week and the time during which users can connect to IBM webMethods Managed File Transfer.

Note
The days and times are represented in the time zone of IBM webMethods Managed File Transfer. To configure the time zone for date and time variables, see General Settings.

Encryption and Decryption

Define specific file-based encryption and decryption PGP keys for users. These settings override any encryption assignments set in the template associated with the user.

When encrypted, files are stored on the user’s drive. Encrypted files are decrypted only if they are transferred back through IBM webMethods Managed File Transfer using the same key that was used to encrypt them. When encryption and decryption keys are configured at multiple levels (user, server, and folder), IBM webMethods Managed File Transfer enforces the following order of preference:

  1. Users

  2. Folders

  3. Servers

For example, if user A accesses port 10 and uploads a file in VFS TestFolder123, then IBM webMethods Managed File Transfer checks if the encryption or decryption key is available for user A. If no key is available at the virtual folder level, then IBM webMethods Managed File Transfer checks for the user settings for the key. If no key is present at the user settings level, then IBM webMethods Managed File Transfer checks the server level settings for the key. If no key is present at the server level settings, then files are not encrypted or decrypted during upload or download.

File-based Encryption for Templates

Define specific file-based encryption and decryption PGP keys for users assigned to a template. When files are encrypted, they are stored on a user’s drive in a format that cannot be read outside of IBM webMethods Managed File Transfer. Encrypted files are decrypted only if they are transferred back through IBM webMethods Managed File Transfer using the same key that was used to encrypt them.

Override the template-level encryption and decryption options for a specific user.

Note
You must obtain the appropriate keystores and ensure that these keystore files reside on the machines that host the IBM webMethods Managed File Transfer on which you perform these configuration tasks.

Creating a New Partner User

To create a new user

  1. Go to Users > Users.

  2. On the Users page, click and in the Create new user dialog box, type the User ID, First name, Last name, and Email address. Ensure that the partner user names are not identical to your IBM webMethods iPaaS user names.

  3. To change the user’s password, do one of the following:

    • Select Send reset password link if you want to reset your password through a secure link sent to the configured email ID. This is the preferred and default option. The password reset link is valid until the password is changed successfully. After you reset the password successfully, the link expires. However, if you do not change the password, the reset link expires after 24 hours. The default value is 24 hours. The administrator can change the default value using the “mft.password.change.token.expiry” property.
    • Select Generate random password if you want IBM webMethods Managed File Transfer to create a password.
    • Select Create new password to create a specific password. See Password Complexity for Partner Users for more information.

    Note
    Your password is sent in an unencrypted plain-text email. As a security best practice, it is recommended that you use the Send reset password link option. The Generate random password and Create new password options are deprecated and will be removed in the upcoming release.

  4. Click Add to User List. This button is enabled only when you provide the user information. Continue to add more users to the selected users’ list.

  5. Click Create.

Configuring Advanced Settings for Users

To configure advanced settings

  1. Go to Users > Users.

  2. Select the user to configure additional settings and specify the following details:

    Field: Description
    Basic: Update the user’s First name, Last name, Email address, and the default Template associated with the user.
    Disable login: Select this option if you want to disable a user’s ID and prevent the user from logging on to the server.
    Associated partner
    No partner: Select this option if you do not want to associate the user with either a partner or your enterprise.
    Enterprise: Select this option if you want to associate the user with your enterprise.
    Partner: Select this option if you want to associate the user with a partner, and either select a partner from the list or type a new partner name and click Create.
    Upload preferences: These settings override any throttling options set in the template associated with the user.
    Maximum speed (Kb/sec): Type the maximum permissible speed in kilobytes per second for an upload operation.
    Maximum individual file size (MB): Type the maximum permissible size in megabytes for an uploaded file.
    Maximum amount per session (MB): Type the maximum amount of data in megabytes that can be uploaded per session.
    Maximum amount per day (MB): Type the maximum amount of data in megabytes that can be uploaded per day.
    Maximum amount per month (MB): Type the maximum amount of data in megabytes that can be uploaded per month.
    Download preferences: These settings override any throttling options set in the template associated with the user.
    Maximum speed (Kb/sec): Type the maximum permissible speed in kilobytes per second for a download operation.
    Maximum amount per session (MB): Type the maximum amount of data in megabytes that can be downloaded per session.
    Maximum amount per day (MB): Type the maximum amount of data in megabytes that can be downloaded per day.
    Maximum amount per month (MB): Type the maximum amount of data in megabytes that can be downloaded per month.
    Active time window:
    • Days. Select the days you want the server to be available to the user.
    • Time selector. Click to specify the time interval for the user to access the server.
    File name filters: Configure the file name filters to allow or deny commands (Upload, Download, List, Rename) for files that match a specified pattern. For example, restrict a user from uploading files that end with “.exe”.
    • When you configure the file name filters for Listener Preferences and Users, the user file name filter configuration overrides the Listener Preferences configuration.
    • The file name filter is applied on the filename received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then IBM webMethods Managed File Transfer considers it as a .txt file when applying the filters.
    Patterns: Click to add one or more patterns to restrict actions to particular files, and specify the following details:
    • Command. Select a command (List, Download, Upload or Rename) from the list.
    • Filter type. Select a filter type (Starts with, Ends with, or Contains) from the list.
    • File name. Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).

    Note: Any characters except wildcard characters and regular expressions are permitted. IBM webMethods Managed File Transfer treats those characters as part of the file name.
    Block paths matching these patterns: Click to restrict a user’s access to specific folders in the file system, and specify the folder path you want to block in Pattern.
    Tip: Use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you must type: ~/system/bin/*
    Authentication and login: Configure maximum limits for user authentication and login.
    Maximum simultaneous logins: Type the maximum number of simultaneous logins allowed for the same user.
    Require public key and password: (For SFTP listeners) Select this option if you want IBM webMethods Managed File Transfer to require the user to provide a public key and password.
    Maximum login time per session (min): Type the maximum number of minutes a user can remain logged in per session.
    Maximum idle time per session (min): Type the maximum number of minutes a user session can remain idle.
    Trusted Public SSH key alias
    Public SSH key alias: Click and specify the certificate alias for the trusted public SSH key files.
    Connection
    Allowed protocols: Select the protocols for which you want to allow connections from the list.
    Default character encoding: Select the appropriate default character encoding from the list. The default is UTF-8.
    File-based encryption
    Public PGP key alias: Type or browse the certificate alias for the public PGP key.
    File-based decryption
    Private PGP key alias: Type or browse the certificate alias for the private PGP key.
  3. Click Save or Save & Close.
    The user is updated with the additional settings.
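
The following added example (not IBM code and not part of the original documentation) models the file name filter rules described above: literal Starts with / Ends with / Contains matching on the name the server receives, with user-level filters taking precedence over Listener Preferences. Because the filter sees only the name, the sketch also re-applies the filter using a type inferred from the first bytes of the upload. The names used here, the case-sensitive comparison, the deny-only rules, and the reading of "overrides" as "replaces" are assumptions.

```python
from dataclasses import dataclass

# Filter types offered in the Patterns dialog, as literal string tests.
MATCHERS = {
    "Starts with": str.startswith,
    "Ends with": str.endswith,
    "Contains": str.__contains__,
}

@dataclass(frozen=True)
class DenyPattern:
    command: str      # List, Download, Upload or Rename
    filter_type: str  # Starts with, Ends with, or Contains
    file_name: str    # literal text; wildcards and regex are not interpreted

def effective_patterns(listener_patterns, user_patterns):
    """User filters override Listener Preferences filters.
    Assumption: a non-empty user list replaces the listener list."""
    return user_patterns if user_patterns else listener_patterns

def is_denied(command, received_name, patterns):
    """Test the name the server received against each deny pattern.
    Assumption: matching is literal and case-sensitive."""
    return any(
        p.command == command
        and MATCHERS[p.filter_type](received_name, p.file_name)
        for p in patterns
    )

# Leading bytes mapped to the extension the content implies (small sample).
MAGIC = {b"%PDF-": ".pdf", b"MZ": ".exe"}

def sniff_extension(head):
    """Return the extension implied by the first bytes, or None."""
    for magic, ext in MAGIC.items():
        if head.startswith(magic):
            return ext
    return None

def review_upload(received_name, head, patterns):
    """Apply the name filter, then re-apply it using the content's type."""
    if is_denied("Upload", received_name, patterns):
        return "denied by file name filter"
    ext = sniff_extension(head)
    if ext and is_denied("Upload", received_name + ext, patterns):
        return "denied by content check"
    return "accepted"

# Constructed sample data for the demonstration.
USER_PATTERNS = [DenyPattern("Upload", "Ends with", ".pdf")]
PDF_HEAD = b"%PDF-1.7\n"

if __name__ == "__main__":
    for name in ("invoice.pdf", "invoice.txt"):
        print(name, "->", review_upload(name, PDF_HEAD, USER_PATTERNS))
    print("notes.txt ->", review_upload("notes.txt", b"plain text", USER_PATTERNS))
```

The second sample name is the documentation's own case of a .pdf renamed to .txt: the name filter alone accepts it, and only the content check ties it back to the configured pattern.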

Modifying a Partner User

To modify a user

  1. Go to Users > Users, and select the user that you want to edit.

  2. Modify the required configuration settings for the user.

  3. Click Save or Save & Close.
    The user is updated with the modified settings.

Changing Passwords for Partner Users

Password Change (By Administrators)

Administrators of IBM webMethods Managed File Transfer can change or set new passwords.

To set or change a password

  1. Go to Users > Users, and select the user to configure additional settings.

  2. If you want to change the user’s password, click Change Password.

  3. In the Change Password dialog box, do one of the following:

    • Select Send reset password link, if you want to reset your password through a secure link sent to the configured email ID. This is the preferred and default option. The password reset link is valid until the password is changed successfully. After you reset the password successfully, the link expires. However, if you do not change the password, the reset link expires after 24 hours. The default value is 24 hours. The administrator can change the default value using the “mft.password.change.token.expiry” property.
    • Select Create new password, if you want to create a specific password. Select Would you like to inform the changed password to user? to inform the user about the password change, and click Ok. See Password Complexity for Partner Users for more information.

    Note
    Your password is sent in an unencrypted plain-text email. As a security best practice, it is recommended that you use the Send reset password link option. The Create new password option is deprecated and will be removed in the upcoming release.

Password Change (By Partner Users)

IBM webMethods Managed File Transfer partner users can now set or change their password from the login page of IBM webMethods Managed File Transfer Webclient.

To set or change a password (By IBM webMethods Managed File Transfer partner users)

  1. Click Forgot password on the login page.

  2. Type the username and click Get an email with instructions. A password reset link will be sent to the user’s linked email ID.

  3. Click the password reset link in your email. You will be redirected to the Change password page after clicking on the link.

    Note
    This password reset link can be used once to reset your password. The password reset link is valid until the password is changed successfully. After you reset the password successfully, the link expires. However, if you do not change the password, the reset link expires after 24 hours. The default value is 24 hours. The administrator can change the default value using the “mft.password.change.token.expiry” property.

  4. Type a password that matches the minimum requirements in both the Password and Confirm Password boxes. See Password Complexity for Partner Users for more information.

  5. Click Proceed. You will receive a password reset confirmation both by email and on your current screen.

  6. Proceed to log in by providing your username and the recently reset password. Click Login.
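
The reset-link lifecycle described above (usable once, valid until the password is changed, otherwise expiring after 24 hours by default) can be modelled as follows. This is an added example, not the product's implementation: the class and method names, the in-memory store, storing only a hash of the token, and replacing an older link when a new one is requested are assumptions, and the “mft.password.change.token.expiry” property is represented only by the `expiry` argument.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

DEFAULT_EXPIRY = timedelta(hours=24)  # default link lifetime stated above


class ResetLinks:
    """In-memory model of single-use password reset links."""

    def __init__(self, expiry=DEFAULT_EXPIRY):
        self.expiry = expiry
        self._pending = {}  # user_id -> (SHA-256 of token, issued_at)

    def issue(self, user_id, now):
        """Create the token carried by the e-mailed link.
        Assumption: requesting a new link replaces any earlier one."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[user_id] = (digest, now)  # the raw token is never stored
        return token

    def redeem(self, user_id, token, now):
        """Return 'ok', 'expired' or 'invalid'; 'ok' consumes the link."""
        entry = self._pending.get(user_id)
        if entry is None:
            return "invalid"
        digest, issued_at = entry
        if now - issued_at > self.expiry:
            del self._pending[user_id]  # unused link lapses after the expiry
            return "expired"
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(candidate, digest):
            return "invalid"  # wrong token does not consume the real link
        del self._pending[user_id]  # password changed, so the link expires
        return "ok"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed time
    links = ResetLinks()
    token = links.issue("partner1", t0)
    print(links.redeem("partner1", token, t0 + timedelta(hours=1)))
    print(links.redeem("partner1", token, t0 + timedelta(hours=2)))
```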

Searching for Users

To search for users

  1. Go to Users > Users, and specify all or one of the following search criteria:

    Field: Description
    User ID: Type the user ID associated with the user.
    First name: Type the first name of the user.
    Last name: Type the last name of the user.

  2. Click Apply for the changes to take effect and Reset to reset the values.
    The user list is populated with the users matching your search criteria.

Templates

IBM webMethods Managed File Transfer applies the settings of a template to all the users associated with it. These settings include predefined limits for upload and download file sizes, server connection restrictions, encryption and decryption settings, as well as settings to optimize file transfers for faster speeds.

The default template in IBM webMethods Managed File Transfer provides settings that can be customized to fit specific requirements. Additionally, users can create additional templates and assign any template as the default for new users.

Note
You can assign a different template to an existing user and override individual settings for that user.

To add templates in IBM webMethods Managed File Transfer, users can utilize the quick add feature to configure basic settings such as name and description. To configure additional settings for templates, see Configuring Additional Settings for a Template.

Adding a Template

To add a template

  1. Go to Users > Templates.

  2. Click add and in the Add template dialog box, specify the following details:

    Field: Description
    Name: Type a unique name for the template.
    Description: Type a description for the template.

  3. Click Add. The new template appears in the templates list.

Configuring Additional Settings for a Template

To configure additional settings

  1. Go to Users > Templates.

  2. Select the template for which you want to configure additional settings. Specify the following details and click Save or Save & Close.

    Basic options

    Field: Description
    Name: Type a unique name for the template.
    Description: Type a description.
    Default template for new user: Select this option if you want to set this template as the default template for new users.
    Note: Only one template can be set as the default template. To specify a different default template, save your edits to the current template and switch to the template you want to configure as the default.

    Upload preferences

    Field: Description
    Maximum speed (Kb/sec): Type the maximum permissible speed in kilobytes per second for an upload operation.
    Maximum individual file size (MB): Type the maximum permissible size in megabytes for an uploaded file.
    Maximum amount per session (MB): Type the maximum amount of data in megabytes that can be uploaded per session.
    Maximum amount per day (MB): Type the maximum amount of data in megabytes that can be uploaded per day.
    Maximum amount per month (MB): Type the maximum amount of data in megabytes that can be uploaded per month.

    Download preferences

    Field: Description
    Maximum speed (Kb/sec): Type the maximum permissible speed in kilobytes per second for a download operation.
    Maximum amount per session (MB): Type the maximum amount of data in megabytes that can be downloaded per session.
    Maximum amount per day (MB): Type the maximum amount of data in megabytes that can be downloaded per day.
    Maximum amount per month (MB): Type the maximum amount of data in megabytes that can be downloaded per month.
    Active time window: Do one of the following:
    - If you want to restrict access to particular days of a week, then under Days, select the required days you want the server to be available to the user.
    - If you want to restrict access to particular time slots, then under Time selector, click add. Select the From Time and To Time from the lists, respectively.
    File name filters: Configure the file name filters to allow or deny commands (Upload, Download, List, Rename) for files that match a specified pattern. For example, restrict a user from uploading files that end with “.exe”.
    - When you configure the file name filters for Listener Preferences and Users, the User file name filter configuration overrides the Listener Preferences configuration.
    - The file name filter is applied on the filename received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then IBM webMethods Managed File Transfer considers it as a .txt file when applying the filters.
    Patterns: Click add to add one or more patterns to restrict particular actions for certain files, and specify the following details:
    - Command. Select a command (List, Download, Upload or Rename) from the list.
    - Filter type. Select a filter type (Starts with, Ends with, or Contains) from the list.
    - File name. Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).
    Note: Any characters except wildcard characters and regular expressions are permitted. IBM webMethods Managed File Transfer Server treats those characters as part of the file name.
    Block paths matching these patterns: Click add to restrict access to specific folders in the file system, and specify the details for:
    - Pattern. Type the folder path you want to block.

    Tip: Use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you must type: ~/system/bin/*

    Authentication and login options

    Field: Description
    Maximum simultaneous logins: Type the maximum number of simultaneous logins allowed for the same user.
    Require public key and password: Select this option if you want IBM webMethods Managed File Transfer Server to require the user to provide a public key and password.
    Maximum login time per session (min): Type the maximum number of minutes a user can remain logged in per session.
    Maximum idle time per session (min): Type the maximum number of minutes a user session can remain idle.
    Trusted Public SSH key alias
    Public SSH key alias: Click add and specify the certificate alias for the trusted public SSH key files.

    Connection options

    Field: Description
    Connection protocols: Select the protocols for which you want to allow connections from the list.
    Default character encoding: Select the appropriate default character encoding from the list. The default is UTF-8.

    File-based encryption options

    Field: Description
    Public PGP key alias: Type or browse the certificate alias for the public PGP key.

    File-based decryption options

    Field: Description
    Private PGP key alias: Type or browse the certificate alias for the private PGP key.

    The template is updated with the additional settings.

Modifying a Template

To modify a template

  1. Go to Users > Templates, and click the template that you want to edit.

  2. Modify the required configuration settings for the template.

  3. Click Save or Save & Close.
    The template is updated with the modified settings.