The command MODIFY-FT-PROFILE can be used by any FTAC user to modify his/her admission profile.
In a privileged admission profile, an FTAC user can only modify the operands TRANSFER-ADMISSION and PRIVILEGED.
As soon as an admission profile is modified, the timestamp is also updated. The timestamp is output with SHOW-FT-PROFILE INF=*ALL (LAST-MODIF). The timestamp is also updated if you do not change the properties of the profile, i.e. if you enter MODIFY-FTPROFILE with the parameter NAME, but no other parameters.
If you call HELP for the SDF command syntax shown below, you may also see some operands that are not indicated here. This is because only the operands relevant for FTP are described in this section.
MODIFY-FT-PROFILE - showing operands relevant for FTP | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Operands
NAME=
With NAME, you determine the name of the admission profile to be modified.
NAME=*ALL
Use this to modify all your admission profiles at the same time.
NAME=<alphanum-name 1..8>
Use this to modify the admission profile with this name.
NAME = *STD
Changes the default admission profile for your user ID.
SELECT-PARAMETER=
With SELECT-PARAMETER, you can specify a transfer admission. You then modify the admission profile that is accessed with this transfer admission.
SELECT-PARAMETER=*OWN
Use this to modify your own admission profile.
SELECT-PARAMETER=*PARAMETERS(...)
With this structure, you can specify the selection criteria for the profiles you want to modify.
TRANSFER-ADMISSION=
Entering the TRANSFER-ADMISSION here makes it a selection criterion for the admission profiles that you want to modify.
TRANSFER-ADMISSION=*ALL
All your admission profiles are modified, irrespective of the transfer admission.
TRANSFER-ADMISSION=*NOT-SPECIFIED
Only admission profiles without a defined transfer admission are to be modified.
TRANSFER-ADMISSION=<alphanum-name 8..32> / <c-string 8..32 with-low> / <x-string 15..64>
The admission profile with this transfer admission is to be modified.
TRANSFER-ADMISSION=*SECRET
The system prompts you to enter the transfer admission, but does not display your entry on the screen.
OWNER-IDENTIFICATION=*OWN / <name 1..8>
OWNER-IDENTIFICATION permits the FTAC user to modify his/her own admission profile. Both entries have the same effect.
NEW-NAME=
With NEW-NAME, you assign your admission profile a new name (or not).
NEW-NAME=*OLD
The name of the admission profile remains unchanged.
NEW-NAME=<alphanum-name 1..8>
This is the new name of the admission profile. This name must be unique among all the admission profiles on your user ID. If an admission profile with this name already exists, FTAC rejects the command with the following message:
FTC0100 FT profile already exists
The command SHOW-FT-PROFILE (see from "SHOW-FT-PROFILE - Display admission profile") can be used to obtain information on the already assigned names. It is sufficient to enter SHOW-FT-PROFILE without operands for this information.
TRANSFER-ADMISSION=
With TRANSFER-ADMISSION, you can modify the transfer admission associated with an admission profile. You must ensure that the transfer admission is unique within your openFT (BS2000) system. If the transfer admission you have selected already exists, FTAC rejects the command with the following message:
FTC0101 Transfer admission already exists
TRANSFER-ADMISSION=*UNCHANGED
The transfer admission remains unchanged.
TRANSFER-ADMISSION=*NOT-SPECIFIED
No transfer admission is set, and existing transfer admissions, if any, are invalidated. This blocks the profile.
TRANSFER-ADMISSION=*OLD-ADMISSION(...)
The transfer admission itself remains unchanged, but the options may be changed (in contrast to the entry TRANSFER-ADMISSION=*UNCHANGED). A description of the values in brackets (VALID=, USAGE= and EXPIRATION-DATE=) is given below.
TRANSFER-ADMISSION=<alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...)
The character string must be entered as a transfer admission in the FTP request. The alphanumeric input is always stored in lowercase letters.
VALID=*UNCHANGED
The value remains unchanged.
VALID=*YES
The transfer admission is valid.
VALID=*NO
The transfer admission is not valid. The profile can be blocked with this entry.
USAGE=*UNCHANGED
The value remains unchanged.
USAGE=*PRIVATE
Access to your profile is denied for security reasons whenever another user ID makes a repeated attempt to specify the same TRANSFER ADMISSION that you have already used.
USAGE=*PUBLIC
Access to your profile is not denied if another user happens to “discover” your TRANSFER-ADMISSION. “Discovery” means that another user ID tried to specify the same TRANSFER ADMISSION twice. This is rejected for security reasons.
EXPIRATION-DATE=*UNCHANGED
The value remains unchanged.
EXPIRATION-DATE=*NOT-RESTRICTED
The use of this transfer admission is not subject to a time restriction.
EXPIRATION-DATE=<date 8..10>
The use of the transfer admission is only possible until the given date. The entry must be made in the form YYYY-MM-DD or YY-MM-DD.
TRANSFER-ADMISSION=*SECRET
The system prompts you to enter the transfer admission, but does not display your entry on the screen. The operands VALID, USAGE and EXPIRATION-DATE can also be secretly entered in this case.
PRIVILEGED=
With PRIVILEGED, the FTAC administrator can privilege the admission profile of any FTAC user. FTP requests that are processed with a privileged status are not subject to the restrictions for MAX-ADM-LEVEL in the admission set.
The FTAC user can only revoke an assigned privileged status.
PRIVILEGED=*UNCHANGED
The status of this admission profile remains unchanged.
PRIVILEGED=*NO
With *NO, you can revoke the privileged status.
IGNORE-MAX-LEVELS=
With IGNORE-MAX-LEVELS, you can determine for which of the six basic functions the restrictions of the admission set should be ignored. The MAX-ADM-LEVELS in the admission set can only be effectively exceeded with an admission profile that has been designated as privileged by the FTAC administrator. The FTAC user can set up an admission profile for himself/herself for special tasks (e.g. sending a certain file to a partner system with which he/she is normally not allowed to conduct FTP), which allows him/her to exceed the admission set. This profile must be explicitly assigned a privileged status by the FTAC administrator.
If you enter IGNORE-MAX-LEVELS=*YES, the settings for all the basic functions are ignored. If you want to ignore the admission set for specific basic functions, you will need to do this with the operands explained further below.
IGNORE-MAX-LEVELS=*UNCHANGED
With this admission profile, you can access the same security levels as before the modification (unless you have revoked the privileged status with PRIVILEGED=*NO).
IGNORE-MAX-LEVELS=*NO
FTP requests that are processed with the admission profile are subject to the restrictions of the admission set.
IGNORE-MAX-LEVELS=*YES
*YES allows you to communicate with partner systems whose security level exceeds the specifications of the admission set. If your profile does not have privileged status, you can disregard only the MAX-USER-LEVELS in the admission set, but not the MAX-ADM-LEVELS.
The current MAX-USER-LEVELS and MAX-ADM-LEVELS settings can be determined by using the command SHOW-FT-ADMISSION-SET (see example on "SHOW-FT-ADMISSION-SET - Display admission sets").
IGNORE-MAX-LEVELS=*PARAMETERS(...)
INBOUND-SEND=*UNCHANGED
The maximum security level that can be reached with the basic function “inbound send” remains unchanged.
INBOUND-SEND=*NO
The maximum security level that can be reached with the basic function “inbound send” is determined by the admission set.
INBOUND-SEND=*YES
For the basic function “inbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. In addition, the partial component “display file attributes” of the basic function “inbound file management” can be used.
INBOUND-RECEIVE=*UNCHANGED
The maximum security level that can be reached with the basic function “inbound receive” remains unchanged.
INBOUND-RECEIVE=*NO
The maximum security level that can be reached with the basic function “inbound receive” is determined by the admission set.
INBOUND-RECEIVE=*YES
With this profile, you can disregard your settings for “inbound receive” in the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. In addition, the following partial components of the basic function “inbound file management” can be used:
delete files, as long as the file attributes are set accordingly,
modify file attributes, if the basic function “inbound file management” was admitted in the admission set or in the admission profile.
INBOUND-MANAGEMENT=*UNCHANGED
The maximum security level that can be reached with the basic function “inbound file management” remains unchanged.
INBOUND-MANAGEMENT=*NO
The maximum security level that can be reached with the basic function “inbound file management” is determined by the admission set.
INBOUND-MANAGEMENT=*YES
For the basic function “inbound file management”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The partial component “modify file attributes” of the basic function “inbound file management” only works if the basic function “inbound receive” was permitted in the admission set or admission profile.
USER-ADMISSION=
With USER-ADMISSION, you enter the user ID under which the modified profile is to be saved. FTP requests using this profile access the user ID entered on the local system.
If the FTAC administrator has created an admission profile for a user, the user can enter the ACCOUNT and PASSWORD in the operand USER-ADMISSION by using the command MODIFY-FT-PROFILE (since he/she is the only person who should know them) before the profile is used (see command CREATE-FT-PROFILE, "CREATE-FT-PROFILE - Create admission profile").
USER-ADMISSION=*UNCHANGED
The USER-ADMISSION of this admission profile remains unchanged.
USER-ADMISSION=*OWN
For USER-IDENTIFICATION and ACCOUNT, the specifications for your user ID and your account number are taken from your LOGON authorization. A BS2000 password is only taken from your LOGON authorization when an FTP request accesses the admission profile.
USER-ADMISSION=*PARAMETERS(...)
You can also enter the individual components of the user ID. This allows you to keep FTP requests which use this admission profile under a different account number, for example. Alternatively, a password can be set in the admission profile. FTP requests which use this admission profile will then only function if their current LOGON password corresponds to the preset password.
USER-IDENTIFICATION=
USER-IDENTIFICATION identifies your user ID in BS2000.
USER-IDENTIFICATION= *OWN
Your user ID is taken from your LOGON authorization.
USER-IDENTIFICATION=<name 1..8>
<name 1..8> is the user ID with which the profile is to be associated.
ACCOUNT=
With ACCOUNT, you enter the account number under which an FTP request is to be accounted when working with this admission profile.
ACCOUNT=*OWN
The account number is taken from your LOGON authorization.
ACCOUNT=*NOT-SPECIFIED
The account number is to be specified by the owner of the admission profile. This function enables the FTAC administrator to set up profiles for user IDs without knowing the corresponding account numbers.
ACCOUNT=<alphanum-name 1..8>
With ACCOUNT, you specify the account number under which an FTP request is to be accounted when it accesses this admission profile. You can specify any account number associated with the user ID.
PASSWORD=
With PASSWORD, you enter the BS2000 password associated with your user ID.
PASSWORD=*OWN
When an FTP request refers to this admission profile, FTAC uses the BS2000 password valid for your user ID at that moment. This prevents you from having to modify the admission profile if the BS2000 password is changed.
PASSWORD=*NOT-SPECIFIED
The password is first specified by the owner of the admission profile. This function permits the FTAC administrator to set up profiles for foreign user IDs.
PASSWORD=*NONE
No BS2000 password is required for the user ID.
PASSWORD=<c-string 1..8> / <x-string 1..16>
When an FTP request accesses the admission profile, the specified password is compared with the current LOGON password. If the two do not correspond, the FTP request is rejected.
PASSWORD=*SECRET
The system prompts you to enter the password. The entry does not appear on the screen.
INITIATOR=
With INITIATOR, you determine if initiators from local and/or remote systems are permitted to use this admission profile for their FTP requests.
INITIATOR=*UNCHANGED
The settings in this admission profile remain unchanged.
INITIATOR=*REMOTE
Since FTP requests are always treated as *REMOTE, the admission profiles for FTP must always have the *REMOTE setting. If the same profile is also used for openFT, the setting (*LOCAL,*REMOTE) would also be allowed, for example.
TRANSFER-DIRECTION=
With TRANSFER-DIRECTION, you determine which transfer direction may be used with this admission profile. The transfer direction is always seen from the viewpoint of the BS2000 FTP server on which the admission profile was defined.
TRANSFER-DIRECTION=*UNCHANGED
The settings in this admission profile remain unchanged.
TRANSFER-DIRECTION=*NOT-RESTRICTED
With this admission profile, data can be transferred from the client to the server, and vice versa.
TRANSFER-DIRECTION=*FROM-PARTNER
With this admission profile, data can only be transferred from the client to the server. It is not possible to display file attributes/directories (partial components of “inbound file management”), i.e. the following server commands are not permitted: cdup, xcup, cwd, xcwd, list, mlsd, mlst, nlst, pwd, xpwd, retr, size, mdtm.
TRANSFER-DIRECTION=*TO-PARTNER
With this admission profile, data can only be transferred from the server to a client system. It is not possible to modify file attributes or delete files (partial components of “inbound file management”), i.e. the following server commands are not permitted: appe, dele, site file, mkd, xmkd, rmd, xrmd, rnfr, stor, stou.
PARTNER=
With PARTNER, you can specify that this admission profile is to be used only for FTP requests that are processed by a certain client system.
PARTNER=*UNCHANGED
Any existing PARTNER in the admission profile remains unchanged.
PARTNER=*NOT-RESTRICTED
The scope of this admission profile is not restricted to FTP requests with certain partner systems.
PARTNER=list-poss(50): <text 1..200 with-low>
The admission profile only permits those FTP requests which are processed with thespecified client systems. A maximum of 50 client systems can be specified. You may specify the name from the partner list or the address of the partner system, see also „openFT (BS2000) - Command Interface“. It is recommended, to use the name from the partner list.
PARTNER=*ADD(list-poss(50): <text 1..200 with-low>)
With this specification, you can add elements to an existing list of partner systems. A maximum of 50 client systems can be specified.
PARTNER=*REMOVE(list-poss(50): <text 1..200 with-low>)
With this specification, you can remove elements from an existing list of partner systems. A maximum of 50 client systems can be specified.
MAX-PARTNER-LEVEL=
With MAX-PARTNER-LEVEL, a maximum security level can be specified. In the case of FTP requests, the client system is always assigned a security level specified by the system administrator or the default security level of 100. MAX-PARTNER-LEVEL works in conjunction with the admission set. When non-privileged admission profiles are used, the access check is executed on the basis of the smallest specified value.
MAX-PARTNER-LEVEL=*UNCHANGED
The specification for MAX-PARTNER-LEVEL in this admission set remains unchanged.
MAX-PARTNER-LEVEL=*NOT-RESTRICTED
If FTP requests are processed with this admission profile, then the highest accessible security level is determined by the admission set.
MAX-PARTNER-LEVEL=<integer 0..100>
When you set a value for MAX-PARTNER-LEVEL that is less than the security level specified by the system administrator or the default value of 100, you (temporarily) prevent access to the admission profile for FTP requests.
FILE-NAME=
With FILE-NAME, you determine which files under your user ID may be accessed by FTP requests that use this admission profile.
FILE-NAME=*UNCHANGED
The specifications for FILE-NAME in this admission profile remain unchanged.
FILE-NAME=*NOT-RESTRICTED
The admission profile permits unrestricted access to all files of the user ID.
FILE-NAME =*EXPANSION(PREFIX = <filename 1..53> / <partial-filename 2..53> / <c-string 1..511 with-low>)
This entry can be used to restrict access to a number of files which all begin with the same prefix. If a file name is entered in an FTP request which uses this admission profile, depending on the currently set working directory, FTAC places the prefix defined with EXPANSION before this file name. The FTP request is then permitted to access the file PrefixFilename.
It is not possible to switch between the POSIX and DMS file systems. If the prefix contains a “/” or begins with “.”, only the POSIX file system can be accessed. In all other cases, only the DMS file system can be accessed.
Example
PREFIX=DAGOBERT.; an FTP request in which the file name BOURSE is specified accesses the file DAGOBERT.BOURSE.
Please note that the part of a DMS file name which is specified in the FTP command still has to be of the type <full-filename>.
FILE-PASSWORD=
With FILE-PASSWORD, you can enter a password for files into the admission profile. The FTAC functionality then only permits access to files which are protected with this password and to unprotected files. When a FILE-PASSWORD is specified in an admission profile, the password may no longer be specified in an FTP request which uses this admission profile. This allows you to grant users on remote systems access to certain files without having to divulge the file passwords.
FILE-PASSWORD=*UNCHANGED
The specifications for FILE-PASSWORD in this admission profile remain unchanged.
FILE-PASSWORD=*NOT-RESTRICTED
The admission profile permits access to all files. If a password is set for a file, then it must be specified in the FTP request.
FILE-PASSWORD=*NONE
The admission profile only permits access to files without file passwords.
FILE-PASSWORD=<c-string 1..4> / <x-string 1..8> / <integer -2147483648..2147483647>
The admission profile only permits access to files which are protected with the specified password and to unprotected files. The password which has already been specified in the profile may not be repeated in the FTP request.
FILE-PASSWORD=*SECRET
The system prompts you to enter the password. The entry does not appear on the screen.
WRITE-MODE=
With WRITE-MODE, you determine the write mode that applies to this FTP request. WRITE-MODE is only effective if the receive file is on the same system on which the admission profile was defined. In FTP commands, the write mode is not specified explicitly, but it is an implicit part of the FTP command:
| appe | *EXTEND-FILE |
| stor, rnfr, site file, dele, rmd, xrmd | *REPLACE-FILE |
| stou | *NEW-FILE |
WRITE-MODE=*UNCHANGED
The specifications for WRITE-MODE in this admission profile remain unchanged.
WRITE-MODE=*NOT-RESTRICTED
In an FTP request which accesses this admission profile, all FTP write modes may be used without restrictions.
WRITE-MODE=*NEW-FILE
The dele, rmd and xrmd FTP commands are not permitted.
WRITE-MODE=*REPLACE-FILE
The stou FTP command is not permitted.
WRITE-MODE=*EXTEND-FILE
The stor, stou, dele, rmd and xrmd FTP commands are not permitted.
FT-FUNCTION=
This operand enables you to restrict the validity of the profile to certain FTP functions (=file transfer and file management functions).
FT-FUNCTION=*UNCHANGED
The existing scope of file management functions remains unchanged.
FT-FUNCTION=*NOT-RESTRICTED
The full scope of FTP functions is available.
FT-FUNCTION=(*TRANSFER-FILE, *MODIFY-FILE-ATTRIBUTES, *READ-DIRECTORY, *FILE-PROCESSING)
The following functions are available:
*TRANSFER-FILE
The admission profile may be used for the “transfer files”, “view file attributes” and “delete files” functions.
The following server commands are not permitted:
list, mlsd, mlst, nlist, pwd, xpwd, cwd, xcwd, cdup, xcup, rnfr, size, mdtm
*MODIFY-FILE-ATTRIBUTES
The admission profile may be used for the “view file attributes” and “modify file attributes” functions.
The following server commands are not permitted:
retr, stor, appe, stou, dele, list, mlsd, mlst, nlist, pwd, xpwd, cwd, xcwd, cdup, xcup, size, mdtm
*READ-DIRECTORY
The admission profile may be used for the “view directories” and “view file attributes” functions.
The following server commands are not permitted:
retr, stor, appe, stou, dele, rnfr.
*FILE-PROCESSING
The admission profile may be used for the “pre-processing” and “post-processing” file transfer functions. The “transfer files” function must also be permitted.
The *FILE-PROCESSING specification is of relevance only for FTAC profiles without a filename prefix. Otherwise the first character of the filename prefix determines whether only normal data transfer (no pipe symbol “|”) or only pre- and post-processing (pipe symbol “|”) are to be possible with this FTAC profile
Example
After Donald Duck has created an admission profile with the name profile1, which grants other users access to his user ID with the LOGON authorization, he decides to restrict this profile so that only FTP accesses to files which begin with the prefix BRANCH are possible.
The required command is:
/MODIFY-FT-PROFILE NAME=profile1,FILE-NAME=*EXPANSION(PREFIX=branch.)
A possible short form of this command is:
/MOD-FT-PROF profile1,FILE-N=(PRE=branch.)
This places heavy restrictions on the admission profile. The other specifications remain unchanged.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
| 0 | 0 | FTC0051 | A user ID with the same name already exists in the system. |
| 0 | 64 | FTC0053 | No FT profile exists which meets the criteria specified. |
| 0 | 64 | FTC0055 | The partner restrictions were lifted. |
| 0 | 0 | FTC0056 | Transfer admission is blocked. |
| 0 | 64 | FTC0100 | An FT profile with this name already exists. |
| 0 | 64 | FTC0101 | An FT profile with this transfer admission already exists. |
| 0 | 64 | FTC0150 | The access password is missing. |
| 0 | 64 | FTC0151 | Modifications can only be made by the administrator or owner. |
| 0 | 64 | FTC0153 | The owner ID entered is not the user's own ID. |
| 0 | 64 | FTC0170 | The partner entered is unknown within the partner system available for this user. |
| 0 | 64 | FTC0171 | The profile entered does not exist. |
| 0 | 64 | FTC0172 | The user admission entered does not exist in the system. |
| 0 | 64 | FTC0173 | The processing admission entered does not exist in the system. |
| 0 | 64 | FTC0174 | The parameters “NEW-NAME” and “TRANSFER-ADMISSION” may only used together in conjunction with unique selection criteria (“NAME” or “TRANSFER-ADMISSION”). |
| 0 | 64 | FTC0178 | The partner name entered occurs several times. |
| 0 | 64 | FTC0179 | The maximum number of partner restrictions has been exceeded. |
| 0 | 64 | FTC0182 | The maximum length of partner names has been exceeded. |
| 0 | 64 | FTC0200 | The total length of the two follow-up processing commands is too long. |
| 0 | 64 | FTC0255 | A system error has occurred. |
SC1/2 = Subcode 1/2 in decimal form
More information can be found in the manual “openFT - Command Interface”.