In this tutorial, you will learn how to use Domains in GoAnywhere MFT.
Domains make it possible to virtually segment a GoAnywhere installation into multiple security zones. Admin Users can be authorized to specific Domains, and those users can then work only with the items belonging to those Domains. Examples of items that can be assigned to Domains are Resources, Projects, Schedules, Monitors, Triggers, Admin Users and Web Users. Each Domain can be configured with file access restrictions to prevent users from accessing restricted network locations.
All installations of GoAnywhere MFT include a Default Domain to which all items belong. Follow these steps to configure your GoAnywhere MFT installation for multiple Domains:
Create a New Domain
To create a new Domain, you must first log in to GoAnywhere as an Admin User with the Security Officer role. From the main menu bar, select Users, and then click the Domains link. In the Domains page, click the Add Domain link in the page toolbar to create a Domain.
Specify the Domain information in the appropriate boxes:
- Projects Directory - The location on the network where the Project definitions will be stored for this Domain.
- Workspace Directory - The location on the network where any Project workspaces will be created for this Domain.
- Web Docs Directory - When a Web User in this Domain is configured to use the default Home Directory, this is the location that will be used along with a sub-folder based on the Web User's account name.
Specify the File Access Restrictions for the Domain:
- Restrict Access - Determines if Web Users and Admin Users in this Domain are restricted to specific folder locations.
- Allowed Folders - The Add Folder link allows administrators to specify the folder locations that can be accessed by this Domain. Click the browse button to locate folders on the server.
Note: When a new Domain is added, GoAnywhere will provide the path to the keys location to assist administrators in key management. This path is an optional suggestion to help administrators manage a single key location across multiple Domains.
- Admin Users & Admin Groups - Assign Admin Users or Groups to administer this Domain. Use the arrow buttons to move the Admin User or Group to the appropriate column. You can also drag and drop an Admin User or Group from one column to another.
Click the Save button to add or save the Domain properties.
By default, Admin User accounts are not assigned to a Domain. However, Admin Users that are members of an Admin Group inherit the Domains that are assigned to that Admin Group. For example, if an Admin User can access a Domain that is not listed in their Admin User Profile, check whether the Admin User is in any Admin Groups, such as the All Admin Users Group, and then view the Domains that Admin Group has access to.
Viewing Items in a Domain
After a second Domain is created, the current Domain will appear in the upper-right corner of the product administrator screens (called the Domain selection tool). You can click on this Domain in order to select another Domain to switch to.
When a specific Domain is selected, only the items belonging to that Domain will appear in their respective management pages. The 'All' Domain option will display the items across all Domains that the Admin User has permission to access.
Adding Items to a Domain
When two or more Domains exist, and the Domain selection tool has the 'All' Domain selected, Admin Users will be prompted to select the target Domain when adding new Resources, Projects, Schedules, Triggers, Monitors, Web Users and Web User Groups.
Switching Items from One Domain to Another
Once an item is created in a Domain, such as a Web User, Resource, or Project, it can be moved to another Domain using the Switch Domain feature located in the item's Action menu. The Admin User that is switching the item must be authorized to the item's new Domain.
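The group-inheritance rule and the Switch Domain authorization rule described above can be checked offline when reviewing who effectively administers each Domain. The following is an added example, not GoAnywhere code: the inventory layout, user names, and function names are constructed for illustration and do not reflect a GoAnywhere export format or API.

```python
# Constructed inventory (assumption): not a GoAnywhere export format.
ADMIN_USERS = {
    # Admin User -> Domains listed directly in the Admin User Profile
    "alice": {"Sales"},
    "bob": set(),
    "carol": {"HR"},
}
ADMIN_GROUPS = {
    # Admin Group -> (members, Domains assigned to the group)
    "All Admin Users": ({"alice", "bob", "carol"}, {"Default"}),
    "Finance Admins": ({"bob"}, {"Accounting"}),
}


def effective_domains(user):
    """Map each Domain the user can reach to the sources that grant it."""
    grants = {}
    for domain in ADMIN_USERS.get(user, set()):
        grants.setdefault(domain, []).append("profile")
    for group, (members, domains) in sorted(ADMIN_GROUPS.items()):
        if user in members:
            for domain in sorted(domains):
                grants.setdefault(domain, []).append("group:" + group)
    return grants


def inherited_only(user):
    """Domains reachable only through an Admin Group, not the profile."""
    grants = effective_domains(user)
    return sorted(d for d, src in grants.items() if "profile" not in src)


def can_switch_to(user, new_domain):
    """Switch Domain rule: the admin must be authorized to the new Domain."""
    return new_domain in effective_domains(user)


if __name__ == "__main__":
    for name in sorted(ADMIN_USERS):
        print(name, effective_domains(name), "inherited:", inherited_only(name))
```

Domains reported by `inherited_only` are the ones that will not appear in the Admin User Profile, which is where broad groups such as All Admin Users tend to widen access unnoticed.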
Web User Templates
Web User Templates provide a method to configure the default account settings when new Web Users are created. Defining templates that share common settings (authentication, permissions, account expirations, etc.) can dramatically reduce the time needed to create new Web User accounts.
The Domain for a Web User Template is chosen when the Web User Template is created. Web Users that are created using a Web User Template will be a member of the Domain specified on the template.
In the example image below, an administrator has started the process of creating a new Web User. The administrator has selected the "Internal Users" template which belongs to the Sales Domain, so the Web User will also become a member of the Sales Domain.
Projects and Folder Permissions
When GoAnywhere is configured to use multiple Domains, each Domain name will appear at the root level of the Project Explorer. For example, in the image below GoAnywhere is configured with multiple Domains named Default, Accounting, IT, HR, and Sales.
The folder will appear gray to Admin Users who do not have permissions to access the Projects within that Domain: