Default language.

Setting security restrictions on file uploads

You can restrict BMC Remedy AR System users from uploading and viewing files with certain extensions in BMC Remedy Mid Tier. This feature helps prevent users from uploading malicious attachments and viewing them.

Best practice
BMC recommends using the Remedy Management Console to set the security restrictions on file uploads. For more information, see Setting global and local level configurations using Remedy Management Console.

The following sections are provided:

Restricting attachments

Use the Attachment Security tab in the AR System Administration: Server Information form in the BMC Remedy AR System Administration Console. You must be logged on as an administrator to perform this procedure.

To restrict attachments

Important

This form shows the local level value of the configuration. If a local value does not exist, the form displays the global level configuration. If you modify the value on this form, the local level configuration value is modified.

For example, if a configuration shows global level value and you modify the value by using this form, the local level value gets created for the configuration.

  1. In a browser, open the AR System Administration Console, and click System > General > Server Information.
    The AR System Administration: Server Information form appears.
  2. Click the Attachment Security tab as shown in the following figure:
    AR System Administration: Server Information form — Attachment Security tab
    (Click to expand the image.)
    attachmentsecurity.png
  3. Enter the attachment options that you need, and click Apply.
    The following table describes the available options:

Attachments flowchart

The following flowchart helps you understand the attachment security based on the options that you select from the Attachment criteria list.

Attachment security flowchart

Attachment_Filter_Flowchart.png

Scenarios for restricting attachments

The following table lists examples of parameter values for requests that include attachments:

Disabling views

You can also restrict users from viewing the content of certain types of files. Use the Attachment Security tab in the AR System Administration: Server Information form in the BMC Remedy AR System Administration Console. You must be logged on as an administrator to perform this procedure.

  1. In a browser, open the AR System Administration Console, and click System > General > Server Information.
    The AR System Administration: Server Information form appears.
  2. Click the Attachment Security tab, shown in the following figure
    AR System Administration: Server Information form — Attachment Security tab
    (Click to expand the image.)
    attachmentsecurity.png
  3. Enter the display options that you need, and click Apply.

For any particular attachment that you want to view, the Display button in BMC Remedy Mid Tier or the Display menu command in the BMC Remedy User Tool is enabled only if Display criteria enables you to view that attachment. For all other attachments, the Display button or menu command is dimmed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*