CREATE-FT-PROFILE - Create admission profile

Every FTAC user can create his own admission profile for his own user ID with the CREATE-FT-PROFILE command. Admission profiles predefined by the FTAC administrator must be activated by the user with MODIFY-FT-PROFILE (see "MODIFY-FT-PROFILE - Modify admission profile") before they can be used.

If you call HELP for the SDF command syntax shown below, you may also see some operands that are not indicated here. This is because only the operands relevant for FTP are described in this section.

CREATE-FT-PROFILE - showing operands relevant for FTP

NAME = <alphanum-name 1..8>

,TRANSFER-ADMISSION = *NOT-SPECIFIED / <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) /
                      <x-string 15..64>(...) / *SECRET

   <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...)
      |   VALID = *YES / *NO
      |   ,USAGE = *PRIVATE / *PUBLIC
      |   ,EXPIRATION-DATE = *NOT-RESTRICTED / <date 8..10>

,PRIVILEGED = *NO

,IGNORE-MAX-LEVELS = *NO / *YES / *PARAMETERS(...)

   *PARAMETERS(...)
      |   ,INBOUND-SEND = *NO / *YES
      |   ,INBOUND-RECEIVE = *NO / *YES
      |   ,INBOUND-MANAGEMENT = *NO / *YES

,USER-ADMISSION = *OWN / *PARAMETERS(...)

   *PARAMETERS(...)
      |   USER-IDENTIFICATION = *OWN / <name 1..8>
      |   ,ACCOUNT = *OWN / *NOT-SPECIFIED / <alphanum-name 1..8>
      |   ,PASSWORD = *OWN / <c-string 1..8> / <c-string 9..32> / <x-string 1..16> / *NONE / *SECRET

,INITIATOR = *REMOTE

,TRANSFER-DIRECTION = *NOT-RESTRICTED / FROM-PARTNER / TO-PARTNER

,PARTNER = *NOT-RESTRICTED / list-poss(50): <text 1..200 with-low>

,MAX-PARTNER-LEVEL = *NOT-RESTRICTED / <integer 0..100>

,FILE-NAME = *NOT-RESTRICTED / *EXPANSION(...)

   *EXPANSION(...)
      |   PREFIX = <filename 1..53> / <partial-filename 2..53> / <c-string 1..511 with-low>

,FILE-PASSWORD = *NOT-RESTRICTED / *NONE / <c-string 1..4> / <x-string 1..8> /
                 <integer -2147483648..2147483647> / *SECRET

,WRITE-MODE = *NOT-RESTRICTED / NEW-FILE / REPLACE-FILE / EXTEND-FILE

,FT-FUNCTION = *NOT-RESTRICTED / list-poss(4): *TRANSFER-FILE / *MODIFY-FILE-ATTRIBUTES /
               *READ-DIRECTORY / *FILE-PROCESSING


Operands


NAME=<alphanum-name 1..8>

With NAME, the admission profile is given a name. This name must be unique among all admission profiles on your user ID. If an admission profile with this name already exists, FTAC rejects the command with the message:

FTC0100 FT profile already exists

The command SHOW-FT-PROFILE (see "SHOW-FT-PROFILE - Display admission profile" ff.) can be used to view the names that already exist. To obtain this information, enter SHOW-FT-PROFILE without operands.

TRANSFER-ADMISSION=
With TRANSFER-ADMISSION, you define the transfer admission. If this transfer admission is entered in an FTP-LOGON instead of the LOGON admission, then the access rights defined in this admission profile apply. This transfer admission must be unique in the entire openFT system so that there are no conflicts with other transfer admissions defined by other FTAC users for other access rights.

If the transfer admission that you have selected has already been assigned, FTAC rejects the command with the message:

FTC0101 Transfer admission already exists

TRANSFER-ADMISSION=*NOT-SPECIFIED
This entry is used to set up a profile without a transfer admission. Such a profile remains inaccessible until a valid transfer admission has been assigned.

TRANSFER-ADMISSION=<alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...)

The character string must be entered as the transfer admission in the FTP request. The alphanumeric entry is stored internally in lowercase letters.

VALID=*YES
The transfer admission is valid.

VALID=*NO
The transfer admission is not valid. With this entry, users can be denied access to the profile.

USAGE=*PRIVATE
Access to your profile is denied for security reasons if someone with another user ID makes a repeated attempt to specify the same TRANSFER ADMISSION that you have already used.

USAGE=*PUBLIC
Access to your profile is not denied if another user happens to “discover” your TRANSFER-ADMISSION. “Discovery” means that another user ID attempted to specify the same TRANSFER ADMISSION twice. This is rejected for security reasons.

EXPIRATION-DATE=*NOT-RESTRICTED
The use of this transfer admission is not subject to a time restriction.

EXPIRATION-DATE=<date 8..10>
The use of the transfer admission is only possible until the given date. The entry must be made in the form YYYY-MM-DD or YY-MM-DD.

TRANSFER-ADMISSION=*SECRET
The system prompts you to enter the transfer admission; however, this does not appear on the screen. The operands VALID, USAGE and EXPIRATION-DATE can also be secretly entered in this case.

PRIVILEGED=*NO
The admission profile is not privileged.
FTP requests that are processed with a privileged admission profile are not subject to the restrictions set for MAX-ADM-LEVEL in the admission set. Only the FTAC administrator is allowed to assign a privileged status to profiles.

IGNORE-MAX-LEVELS=
With IGNORE-MAX-LEVELS, you can determine for which of the six basic functions the restrictions of the admission set should be ignored. The user’s MAX-USER-LEVELS can be exceeded in this way. The MAX-ADM-LEVELS in the admission set can only be effectively exceeded with an admission profile which has been designated as privileged by the FTAC administrator. The FTAC user can set up an admission profile for himself for special tasks (e.g. sending a certain file to a partner system with which he normally is not allowed to conduct an FTP transfer), which allows him to exceed the admission set. This profile must be explicitly assigned a privileged status by the FTAC administrator.
If you enter IGNORE-MAX-LEVELS=*YES, the settings for all the basic functions are ignored. If you wish to ignore the admission set for specific basic functions, you need to do this with the operands explained below.

IGNORE-MAX-LEVELS=*NO
FTP requests that are processed with the admission profile are subject to the restrictions of the admission set.

IGNORE-MAX-LEVELS=*YES
*YES allows you to communicate with partner systems whose security level exceeds the specifications of the admission set. If your profile does not have privileged status, you can only disregard the MAX-USER-LEVELS in the admission set, not the MAX-ADM-LEVELS. The current MAX-USER-LEVELS and MAX-ADM-LEVELS settings can be determined by using the command SHOW-FT-ADMISSION-SET (see example on "SHOW-FT-ADMISSION-SET - Display admission sets").

IGNORE-MAX-LEVELS=*PARAMETERS(...)
The following operands can be used to selectively deactivate the default settings for the individual basic functions.

INBOUND-SEND=*NO
The maximum security level that can be reached with the basic function “inbound send” is determined by the admission set.

INBOUND-SEND=*YES
For the basic function “inbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. In addition, the partial component “display file attributes” of the basic function “inbound file management” can be used.

INBOUND-RECEIVE=*NO
The maximum security level that can be reached with the basic function “inbound receive” is determined by the admission set.

INBOUND-RECEIVE=*YES
With this profile, you can disregard your settings for “inbound receive” in the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. In addition, the following partial components of the basic function “inbound file management” can be used:

  • delete files, as long as the file attributes are set accordingly,

  • modify file attributes, if the basic function “inbound file management” was admitted in the admission set or in the admission profile.

INBOUND-MANAGEMENT=*NO
The maximum security level that can be reached with the basic function “inbound file management” is determined by the admission set.

INBOUND-MANAGEMENT=*YES
For the basic function “inbound file management”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The partial component “modify file attributes” of the basic function “inbound file management” only functions if the basic function “inbound receive” was permitted in the admission set or admission profile.

USER-ADMISSION=
With USER-ADMISSION, the user specifies the user ID under which the profile is to be saved. FTP requests that work with this admission profile access the given user ID in the local system.

USER-ADMISSION=*OWN
For USER-IDENTIFICATION and ACCOUNT, the specifications for your user ID and your account number are taken from your LOGON authorization. A BS2000 password is only taken from your LOGON authorization when an FTP request accesses the admission profile.

USER-ADMISSION=*PARAMETERS(...)
You can also enter the individual components of the user ID. This allows you to keep FTP requests which work with this admission profile under a different account number, for example. Alternatively, a password can be set in the admission profile. FTP requests which work with this admission profile will then only function if their current LOGON password corresponds to the preset password.

USER-IDENTIFICATION=*OWN / <name 1..8>
With USER-IDENTIFICATION, you enter your user ID in BS2000. Both entries have the same effect.

ACCOUNT=
With ACCOUNT, you enter the account number under which an FTP request is to be accounted when working with this admission profile.

ACCOUNT=*OWN
The account number is taken from your LOGON authorization.

ACCOUNT=<alphanum-name 1..8>
An FTP request should be accounted under the account number specified when it accesses this admission profile. You can enter any account number associated with your user ID.

PASSWORD=
With PASSWORD, you enter the BS2000 password associated with your user ID.

PASSWORD=*OWN
When an FTP request refers to this admission profile, FTAC uses the BS2000 password valid for your user ID at that moment. This prevents you from having to modify the admission profile if the BS2000 password is changed.

PASSWORD=*NONE
No BS2000 password is required for the user ID.

PASSWORD=<c-string 1..8> / <x-string 1..16>
When an FTP request accesses the admission profile, the password specified is compared with the current LOGON password. If the two do not correspond, the FTP request is rejected.

PASSWORD=*SECRET
The system prompts you to enter the password. The entry does not appear on the screen.

INITIATOR=*REMOTE
Since FTP requests are always treated as *REMOTE, the admission profiles for FTP must always have the *REMOTE setting. If the same profile is also used for openFT, the setting (*LOCAL,*REMOTE) would also be allowed, for example.

TRANSFER-DIRECTION=
With TRANSFER-DIRECTION, you determine which transfer direction may be used with this admission profile. The transfer direction is always seen from the viewpoint of the BS2000 FTP server on which the admission profile was defined.

TRANSFER-DIRECTION=*NOT-RESTRICTED
With this admission profile, data can be transferred from the client to the server, and vice versa.

TRANSFER-DIRECTION=*FROM-PARTNER
With this admission profile, data can only be transferred from the client to the server. It is not possible to display file attributes/directories (partial components of “inbound file management”), i.e. the following server commands are not permitted: cdup, xcup, cwd, xcwd, list, mlsd, mlst, nlst, pwd, xpwd, retr.

TRANSFER-DIRECTION=*TO-PARTNER
With this admission profile, data can only be transferred from the server to a client system. It is not possible to modify file attributes or delete files (partial components of “inbound file management”), i.e. the following server commands are not permitted: appe, dele, site file, mkd, xmkd, rmd, xrmd, rnfr, stor, stou.

PARTNER=
With PARTNER, you can specify that this admission profile is to be used only for FTP requests that are processed by a certain client system.

PARTNER=*NOT-RESTRICTED
The scope of this admission profile is not restricted to FTP requests with certain partner systems.

PARTNER=list-poss(50): <text 1..200 with-low>
The admission profile only permits those FTP requests that are processed with the specified client systems. A maximum of 50 client systems may be specified. The total length of all the partners may not exceed 1000 characters. You may specify the name from the partner list or the address of the partner system, see also "openFT (BS2000) Command Interface". It is recommended to use the name from the partner list. The format shown in the long form of the logging output provides an indication of how a partner address should be entered in an FTAC profile.

MAX-PARTNER-LEVEL=
With MAX-PARTNER-LEVEL, a maximum security level can be specified. In the case of FTP requests, the client system is assigned a security level specified by the system administrator or a default security level of 100.

MAX-PARTNER-LEVEL=*NOT-RESTRICTED
If FTP requests are processed with this admission profile, then the highest accessible security level is determined by the admission set.

MAX-PARTNER-LEVEL=<integer 0..100>
When you set a value for MAX-PARTNER-LEVEL that is less than the security level specified by the system administrator or the default value of 100, you (temporarily) prevent access to the admission profile for FTP requests.

FILE-NAME=
With FILE-NAME, you determine which files or library members under your user ID may be accessed by FTP requests that use this admission profile.

FILE-NAME=*NOT-RESTRICTED
The admission profile permits unrestricted access to all files of the user ID.

FILE-NAME=*EXPANSION (PREFIX=<full-filename 1..53> / <partial-filename 2..53> / <c-string 1..511 with-low>)

This entry can be used to restrict access to a number of files which all begin with the same prefix. If a file name is entered in an FTP request that uses this admission profile, FTAC places the prefix defined with EXPANSION in front of this file name. The FTP request is then permitted to access the file PrefixFilename.
It is not possible to switch between the POSIX and DMS file systems. If the prefix contains a “/” or begins with “.”, only the POSIX file system can be accessed. In all other cases, only the DMS file system can be accessed.

Example

PREFIX=DAGOBERT.; an FTP request in which the file name BOURSE is specified accesses the file DAGOBERT.BOURSE.

Please note that the part of a DMS file name specified in the FTP command still has to be of the type <full-filename>.

FILE-PASSWORD=
With FILE-PASSWORD, you can enter a password for files into the admission profile. The FTAC functionality then only permits access to files which are protected with this password and to unprotected files. When a FILE-PASSWORD is specified in an admission profile, the password may no longer be specified in an FTP request which uses this admission profile. This allows you to grant users on remote systems access to certain files without having to divulge the file passwords.

FILE-PASSWORD=*NOT-RESTRICTED
The admission profile permits access to all files. If a password is set for a file, then it must be specified in the FTP request.

FILE-PASSWORD=*NONE
The admission profile only permits access to files without file passwords.

FILE-PASSWORD=<c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>

The admission profile only permits access to files which are protected with the specified password and to unprotected files. The password which has already been specified in the profile may not be repeated in the FTP request.

FILE-PASSWORD=*SECRET
The system prompts you to enter the password. The entry does not appear on the screen.

WRITE-MODE=
With WRITE-MODE, you determine the write mode that applies to this FTP request. WRITE-MODE is only effective if the receive file is on the same system on which the admission profile was defined. In FTP commands, the write mode is not specified explicitly, but it is an implicit part of the FTP command:

FTP command                                Write mode
appe                                       *EXTEND-FILE
stor, rnfr, site file, dele, rmd, xrmd     *REPLACE-FILE
stou                                       *NEW-FILE

WRITE-MODE=*NOT-RESTRICTED
In an FTP request which accesses this admission profile, all FTP write modes may be used without restrictions.

WRITE-MODE=*NEW-FILE
The dele, rmd and xrmd FTP commands are not permitted.

WRITE-MODE=*REPLACE-FILE
The stou FTP command is not permitted.

WRITE-MODE=*EXTEND-FILE
The stor, stou, dele, rmd and xrmd FTP commands are not permitted.

FT-FUNCTION=
This operand enables you to restrict the validity of the profile to certain FTP functions (=file transfer and file management functions).

FT-FUNCTION=*NOT-RESTRICTED
The full scope of FTP functions is available.

FT-FUNCTION=(*TRANSFER-FILE, *MODIFY-FILE-ATTRIBUTES, *READ-DIRECTORY, *FILE-PROCESSING)

The following functions are available:

*TRANSFER-FILE
The admission profile may be used for the “transfer files”, “view file attributes” and “delete files” functions.

The following server commands are not permitted:

list, nlist, pwd, xpwd, cwd, xcwd, cdup, xcup, rnfr, size, mdtm

*MODIFY-FILE-ATTRIBUTES
The admission profile may be used for the “view file attributes” and “modify file attributes” functions.

The following server commands are not permitted:

retr, stor, appe, stou, dele, list, mlsd, mlst, nlist, pwd, xpwd, cwd, xcwd, cdup, xcup, size, mdtm

*READ-DIRECTORY
The admission profile may be used for the “view directories” and “view file attributes” functions.

The following server commands are not permitted:

retr, stor, appe, stou, dele

*FILE-PROCESSING
The admission profile may be used for the “pre-processing” and “post-processing” file transfer function. The “transfer files” function must also be permitted. The *FILE-PROCESSING specification is of relevance only for FTAC profiles without a filename prefix. Otherwise the first character of the filename prefix determines whether only normal data transfer (no pipe symbol |) or only pre-processing and post-processing (pipe symbol |) are to be possible with this FTAC profile.
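
The following added example (not part of the original manual and not vendor code) combines the command lists given above for TRANSFER-DIRECTION, WRITE-MODE and FT-FUNCTION, so that a profile can be reviewed for the FTP server commands it rules out. The function names are hypothetical, and the way several FT-FUNCTION values combine is an assumption, since the page lists the commands only per single value.

```python
# Added example, not vendor code. Deny lists are copied from the operand
# descriptions on this page; commands are lowercase FTP server commands.
TRANSFER_DIRECTION = {
    "*NOT-RESTRICTED": set(),
    "*FROM-PARTNER": {"cdup", "xcup", "cwd", "xcwd", "list", "mlsd", "mlst",
                      "nlst", "pwd", "xpwd", "retr"},
    "*TO-PARTNER": {"appe", "dele", "site file", "mkd", "xmkd", "rmd", "xrmd",
                    "rnfr", "stor", "stou"},
}
WRITE_MODE = {
    "*NOT-RESTRICTED": set(),
    "*NEW-FILE": {"dele", "rmd", "xrmd"},
    "*REPLACE-FILE": {"stou"},
    "*EXTEND-FILE": {"stor", "stou", "dele", "rmd", "xrmd"},
}
# The page spells the name-list command "nlist" in these lists; it is keyed
# here as "nlst", the spelling used under TRANSFER-DIRECTION.
FT_FUNCTION = {
    "*TRANSFER-FILE": {"list", "nlst", "pwd", "xpwd", "cwd", "xcwd", "cdup",
                       "xcup", "rnfr", "size", "mdtm"},
    "*MODIFY-FILE-ATTRIBUTES": {"retr", "stor", "appe", "stou", "dele", "list",
                                "mlsd", "mlst", "nlst", "pwd", "xpwd", "cwd",
                                "xcwd", "cdup", "xcup", "size", "mdtm"},
    "*READ-DIRECTORY": {"retr", "stor", "appe", "stou", "dele"},
}


def denied_commands(transfer_direction="*NOT-RESTRICTED",
                    write_mode="*NOT-RESTRICTED",
                    ft_function="*NOT-RESTRICTED"):
    """Return the set of FTP server commands the profile settings rule out."""
    # Each operand is an independent restriction, so the deny lists add up.
    denied = TRANSFER_DIRECTION[transfer_direction] | WRITE_MODE[write_mode]
    if ft_function != "*NOT-RESTRICTED":
        # *FILE-PROCESSING has no command list on the page and is skipped.
        listed = [f for f in ft_function if f != "*FILE-PROCESSING"]
        if listed:
            # ASSUMPTION: with several functions listed, a command is denied
            # only if every listed function denies it.
            denied |= set.intersection(*(FT_FUNCTION[f] for f in listed))
    return denied


def is_permitted(command, **profile):
    """True if the (case-insensitive) server command is not ruled out."""
    return command.lower() not in denied_commands(**profile)


if __name__ == "__main__":
    # Settings of the example profile from this page (upload-only profile).
    profile = {"transfer_direction": "*FROM-PARTNER",
               "write_mode": "*REPLACE-FILE"}
    print("denied:", ", ".join(sorted(denied_commands(**profile))))
    for cmd in ("stor", "retr", "list", "stou"):
        print(cmd, "permitted" if is_permitted(cmd, **profile) else "denied")
```
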


Example

Dagobert Duck wants to create an admission profile for the following purpose:

Donald Duck, employee at the Duck Goldmine, has his own BS2000 system. He has to transfer monthly reports on a regular basis to his boss Dagobert's computer, DAGODUCK, using FTP. The file needs to have the prefix MONTHLYREPORTS. Since Dagobert's admission set does not permit any "inbound" requests, he needs to assign the profile a privileged status (he is allowed to do this, since he is an FTAC administrator).

The command required to create such an admission profile is as follows:

/CREATE-FT-PROFILE NAME=GOLDMOBE,                                          -
/                  TRANSFER-ADMISSION='monthlyreportfortheboss',           -
/                  PRIVILEGED=*YES,                                        -
/                  IGNORE-MAX-LEVELS=*YES,                                 -
/                  TRANSFER-DIRECTION=*FROM-PARTNER,                       -
/                  FILE-NAME=*EXPANSION(PREFIX=MONTHLYREPORTS.),           -
/                  WRITE-MODE=*REPLACE-FILE

The short form of this command is:

/CRE-FT-PROF GOLDMOBE,TRANS-AD='monthlyreportfortheboss',                  -
/            PRIV=*YES,IGN-MAX-LEV=*YES,TRANS-DIR=*FROM,                   -
/            FILE-NAME=*EXP(PREF=MONTHLYREPORTS.),WRITE=*REPL

Donald Duck, who keeps the monthly report of Goldmine on his BS2000 system in the file NOTHINGBUTLIES, can use the following FTP command of the BS2000 FTP client to send it to the central computer DAGODUCK:

ftp> open DAGODUCK
Connected to DAGODUCK, port 21.
220 DAGODUCK FTP server ... ready.
Name (DAGODUCK:DONADUCK):
*$FTAC
331 Send your FTAC transfer admission as password
Password (DAGODUCK:$FTAC):
*monthlyreportfortheboss
230 $FTAC login ok, access restrictions apply.
ftp> put NOTHINGBUTLIES GOLDMINE
200 PORT command successful.
150 Opening data connection for GOLDMINE (139.25.24.2,4102).
22595 bytes sent in 0.06 seconds (3.6e+02 Kbytes/s)
226 Transfer complete.(SAM-IO)
ftp> bye
221 Goodbye.


Command return codes

(SC2)   SC1   Maincode   Meaning
0       0     FTC0051    A user ID with the same name already exists in the system.
0       0     FTC0056    Transfer admission is denied.
0       64    FTC0100    An FT profile with the same name already exists.
0       64    FTC0101    An FT profile with the same Transfer-Admission already exists.
0       64    FTC0150    The access password is missing.
0       64    FTC0153    The owner identification entered is not the own user ID.
0       64    FTC0157    No authorization to create the profile.
0       64    FTC0172    The specified User Admission does not exist in the system.
0       64    FTC0173    The specified Processing Admission does not exist in the system.
0       64    FTC0178    The specified partner name occurs several times.
0       64    FTC0182    The maximum length for partner names has been exceeded.
0       64    FTC0200    The total length of the two follow-up processing commands is too long.
0       64    FTC0255    A system error has occurred.

SC1/2 = subcode1/2 in decimal form
More information can be found in the manual “openFT - Command Interface”.