File Rules
To add a Files rule to the selected profile, select Files in the list of available sandbox rules, click the "Add Rule" button, and fill in the following dialog:
- Sandbox Object - click the Change button and select the object you want to use from the predefined sandbox objects.
- In the Access description portion of the dialog, specify the actions / accesses that the selected application group will be allowed to perform. You can also select the reporting level for these activities. For File access you can grant the selected application group the following privileges:
  - Append data - appending data to a file or adding a file into a directory
  - Delete
  - Delete child - delete subdirectory
  - Execute
  - File execute - if the sandbox object is a file, this is self-descriptive; if the sandbox object is a directory, File Execute means the ability to execute files in that directory
  - Full access
  - Read
  - Read attributes
  - Read control
  - Read extended attributes
  - Read file data - if the sandbox object is a directory, Read File Data means the ability to list the directory
  - Read only access
  - Synchronize - harmless; allows access for synchronization objects (e.g. for opening a file twice for reading)
  - Write
  - Write attributes
  - Write DAC
  - Write extended attributes
  - Write file data - essential for creating a directory or rewriting file data
  - Write owner
For each available access option you can select access/deny and also the appropriate level of reporting.