What to do if your MFT agent or logger configuration is not secure

If a Managed File Transfer process detects a condition that a configuration file contains sensitive information, is a keystore or truststore file, and has system-wide read, write, or delete permissions, the process will fail to start if detected at startup time. If the condition was not detected at startup time but was detected at runtime, Managed File Transfer generates a warning message and ignores the contents of the configuration file. This is relevant to the protocol bridge and the Connect:Direct® bridge capabilities which reload a configuration if it changes while the agent is running.

Complete the following checks to determine the cause of the problem:
  1. Identify the configuration file that has been reported as not secure from the error message provided.
  2. Ensure that the file access permissions match the requirements needed. For more information, see MFT permissions to access sensitive configuration information.
  3. Restart the agent or logger. Or, in the case of the protocol bridge or Connect:Direct credentials files, wait for the next reload.


Example

In this example of an error message, a database logger is failing to start:

BFGDB0066E: The logger encountered a problem accessing its credentials file and will stop.
Reported error: BFGNV0145E: The 'Everyone' group has access to the file 'C:\mqmftcredentials.xml'.

In this example of an error message, a protocol bridge agent is failing to start:

BFGIO0383E: The security permissions defined for credentials file 'C:\ProtocolBridgeCredentials.xml' do not meet the 
minimum requirements for a file of this type.
Reported problem: BFGNV0145E: The 'Everyone' group has access to the file C:\ProtocolBridgeCredentials.xml'.