Configuring Datasources for Access from the Transaction Agent

Protecting a Client Datasource from Local Access via the Explorer

On the operating system level, the Transaction Agent allows you to protect datasources from access by unauthorized persons only if they are stored on a secure network drive or on the NTFS partition of your hard disk.

 Caution:

The Transaction Agent cannot protect FAT32 or similarly formatted drives.

How to protect a client datasource:

1. In the Browser of the Chromeleon client, select the datasource to be protected, and then select the Properties command on the context menu. On the General tab page of the Properties dialog box, clear the Protect Datasource Directory check box for the corresponding datasource.

2. In the Windows Explorer, select the directory in which the datasource is located. Select Properties on the context menu. The <Directory Name> Properties dialog box is opened.

3. On the Security tab page, remove the user 'Everyone'. Add the virtual Target User and allow Modify but deny Full Control.

4. Inherit these permissions to all subdirectories and files. Click Advanced… to open the Access Control Settings for <Directory Name> dialog box. Select the Reset permissions on all child objects… check box.

5. In the Chromeleon Browser, return to the Properties dialog box of the datasource and select the Protect Datasource Directory check box.

Protecting Network Datasources

For network datasources, protection comprises:

• Access rights to the operating system of the network server.

  The network datasource is treated in the same way as a datasource on the local client. Thus, follow the steps described under Protecting a Client Datasource from Local Access via the Explorer.

• Access rights by means of shares.

How to protect a Chromeleon network datasource by a share:

1. In the Browser of the Chromeleon client, select the datasource to be protected, and then select the Properties command on the context menu. On the General tab page of the Properties dialog box, clear the Protect Datasource Directory check box for the corresponding datasource.

2. Log off and on to the operation system.

3. In the Windows Explorer, select the directory in which the datasource is located. Select Properties on the context menu. The <Directory Name> Properties dialog box is opened.

4. On the Sharing tab page, type a share name and click Permissions to open the Permissions for <directory name> dialog box.

5. Remove the user 'Everyone'. Add the virtual Target User and allow Modify but deny Full Control.

6. In the Chromeleon Browser, return to the Properties dialog box of the datasource and select the Protect Datasource Directory check box.

This protects the datasource on the network from access via the Windows Explorer.

Additionally Required Rights

• The server and the Target User must have the Modify permission for the Bin directory of the Chromeleon installation.

• If a CmUser Database has been created as Microsoft Data Base, the Target User must have the Modify privilege for the CmUser database directory.

• The Target User must have the Modify privilege for the DSPQ directory of the Chromeleon installation to perform Datasource Performance Qualification using the System Status Report application.

Printing on Network Printers

If the Transaction Agent has been enabled, the virtual Target User and the normal user must have access to the corresponding printer.

Access to Novell Disk Drives

Under Windows XP, it is not possible to access Novell drives while the Transaction Agent is enabled.

Connecting to protected datasources

A user who does not have the related access rights to the datasource may not be able to immediately connect to a protected datasource via the Mount Datasource command. To establish the connection, follow the steps below:

• For local datasources:

• 1. Assign the currently logged on user access rights to the datasource.

  2. Select the Mount Datasource command to connect to the protected datasource.

  3. Restore the original access rights.

• For common datasources (i.e., especially for large network datasources):

• 1. In Windows, log on as Target User of the Transaction Agent and start the Chromeleon client.

      Tip: 

     This is possible only if the Target User is allowed to log on locally, i.e., the user does not have the Deny logon locally privilege.

  2. Select the Mount Datasource command to connect to the protected datasource.

  3. Close the client and log off in Windows.

  4. In Windows, log on as a user account and restart the Chromeleon client.

For basic information about how to set the Transaction Agent, refer to  Setting up the Transaction Agent.

For an overview of the options in the User Database Policies dialog box, refer to  CmUser Database Policies.