rootdir_security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
rootdir_security [2022/03/14 13:48] yves [Public vs private] |
rootdir_security [2022/08/06 19:41] (current) yves [Accessing secured content] |
||
|---|---|---|---|
| Line 16: | Line 16: | ||
| Based on the type of data storage that a root directory's mounting point refers to, the configuration offers different options: | Based on the type of data storage that a root directory's mounting point refers to, the configuration offers different options: | ||
| - | === Local hard disk entry points === | + | * [[rootdir_local|Local hard disk entry points]] |
| - | + | * [[rootdir_network|Network storage and UNC paths]] | |
| - | If you want to expose a local folder on the server's hard disk as a root directory in PMA.core, you have to give the IIS user account access rights to the folder using the Windows Explorer: | + | * [[rootdir_s3|S3 storage]] |
| - | + | * [[rootdir_azure|Azure storage]] | |
| - | {{ :rootdir_local10.png?direct&400 |}} | + | |
| - | + | ||
| - | Note that even though the dialog shows impersonation options, you can't use these in a local path reference context. The impersonation properties are reserved for networked content, and if you fill them in, PMA.core tries to interpret your local reference as a network path, and subsequently fails trying to access it. | + | |
| - | + | ||
| - | {{ ::rootdir_local20.png?direct&400 |}} | + | |
| - | + | ||
| - | So when defining local hard disk paths, make sure the impersonation options are left blank. | + | |
| - | + | ||
| - | === Network storage (UNC paths) === | + | |
| - | + | ||
| - | Pathomation runs under a certain application pool. This application pool is associated with a user identify, which may not have access to the network path that you try to access. Giving access for the application pool to access the network resource may be difficult for a variety of reasons. | + | |
| - | + | ||
| - | If you can't immediately access the network path with default (i.e. application pool) credentials, you can provide additional information. | + | |
| - | + | ||
| - | In the case below we've created a dedicated pma_read user that is permitted to acces the shared \\MALTA1767\reference path: | + | |
| - | + | ||
| - | {{ :rootdir_network10.png?direct&400 |}} | + | |
| - | + | ||
| - | We can enter this as a path for the mounting point, and add the impersionation information for our pma_read user: | + | |
| - | + | ||
| - | {{ :rootdir_network20.png?direct&400 |}} | + | |
| - | + | ||
| - | The mounting point shows up, and you can activate the View slides tab to inspect its content: | + | |
| - | + | ||
| - | {{ :rootdir_network30.png?direct&400 |}} | + | |
| - | + | ||
| - | If the credentials are faulty, an error appears | + | |
| - | + | ||
| - | === S3 storage === | + | |
| - | + | ||
| - | PMA.core is one of the few vendors that [[https://www.prweb.com/releases/pathomation_announces_support_for_cloud_storage_and_file_transfer_protocol_ftp_servers/prweb18296771.htm|supports cloud storage natively]]. | + | |
| - | + | ||
| - | Let's say that you have an S3 bucket and put slides in it: | + | |
| - | + | ||
| - | {{ ::rootdir_s3_10.png?direct&400 |}} | + | |
| - | + | ||
| - | To protect access, you should create a dedicated entity that can only access that content. | + | |
| - | + | ||
| - | {{ ::rootdir_s3_20.png?direct&400 |}} | + | |
| - | + | ||
| - | You can then create a pair of dedicated access / secret keys for the new entity: | + | |
| - | + | ||
| - | {{ :rootdir_s3_30.png?direct&400 |}} | + | |
| - | + | ||
| - | These keys are then used to configure the S3 mounting point at the PMA.core side: | + | |
| - | + | ||
| - | {{ :rootdir_s3_40.png?direct&400 |}} | + | |
| - | + | ||
| - | The mounting point only functions when the provided credentials are still active on the S3 storage side. If not, an error message ensues: | + | |
| - | + | ||
| - | {{ :rootdir_s3_50.png?direct&400 |}} | + | |
| - | + | ||
| - | If all is well, you can now browse your slides directly from your S3 content. | + | |
| - | + | ||
| - | {{ :rootdir_s3_60.png?direct&400 |}} | + | |
| - | + | ||
| - | === Azure storage === | + | |
| - | + | ||
| - | Microsoft Azure has its own protocol, and so we provide a separate mounting point type of it. | + | |
| - | + | ||
| - | Let's say that you have an Azure container defined and put some slides in it already: | + | |
| - | + | ||
| - | {{ :rootdir_azure_10.png?direct&400 |}} | + | |
| - | + | ||
| - | You can convert these credentials in a connectionstring: | + | |
| - | + | ||
| - | ''%%DefaultEndpointsProtocol=https;AccountName=pathomation;AccountKey=SUPERSECRET;BlobEndpoint=https://pathomation.blob.core.windows.net/;QueueEndpoint=https://pathomation.queue.core.windows.net/;TableEndpoint=https://pathomation.table.core.windows.net/;FileEndpoint=https://pathomation.file.core.windows.net/;%%'' | + | |
| - | + | ||
| - | This text snippet is then pasted in the connection string field of the mounting point properties: | + | |
| - | + | ||
| - | {{ :rootdir_azure_20.png?direct&400 |}} | + | |
| - | + | ||
| - | If all goes well, you can now serve your slides from your Azure storage repositories. | + | |
| ==== Public vs private ==== | ==== Public vs private ==== | ||
rootdir_security.1647254887.txt.gz · Last modified: 2022/03/14 13:48 by yves
