MFT sandboxes
We can restrict the area of the file system that the agent can access as part of a transfer. The area that the agent is restricted to is called the sandbox. We can apply restrictions to either the agent or to the user that requests a transfer.
Sandboxes are not supported when the agent is a protocol bridge agent or a Connect:Direct bridge agent. We can not use agent sandboxing for agents that need to transfer to or from IBM MQ queues.
- Work with MFT agent sandboxes
To add an additional level of security to Managed File Transfer, we can restrict the area of a file system that an agent can access.- Work with MFT user sandboxes
We can restrict the area of the file system that files can be transferred into and out of based on the MQMD user name that requests the transfer.- Additional checks for wildcard transfers
If an agent has been configured with a user or agent sandbox in order to restrict the locations that the agent can transfer files to and from, we can specify that additional checks are to be made on wildcard transfers for that agent.Parent topic: Securing Managed File Transfer
Related reference