The FT profile (also called an admission profile) defines the transfer admission and the associated access rights. The transfer admission is the actual key to accessing the BS2000 server via FTP and should therefore be treated with the same care as a password. The transfer admission must be specified in transfer requests instead of a login admission. Anyone who knows the transfer admission will have access to your user ID on the BS2000 server, but unlike the login authorization, will not be free to do as he or she pleases. You can decide which functions are to be permitted by specifying the access rights for the transfer admission. This enables you to control which files can be accessed, for example, and under what conditions. In the most extreme case, you could effectively restrict access to your user ID so severely that only one file can be accessed via only one profile. With the appropriate settings, an FT profile could be used simultaneously for both openFT and FTP.
For each file transfer request, FTAC checks whether the entries in the request conflict with the entries in the FT profile. If such a conflict exists, the FTP request is rejected, and a general error message appears on the client system. This prevents potential intruders from determining the definition of the FT profile in sequential steps on a trial and error basis. A log record that describes the precise cause of the error is created on the BS2000 server.
The following diagram illustrates the sequence for access checks with FTAC.
Figure 4: Access check with FTAC
An admission profile includes the following:
a transfer admission. This transfer admission must be unique. If a request is to work with the FT profile, this transfer admission must be specified. FTAC will then only permit those access rights for the request which are defined in the FT profile. In order to uniquely assign the responsibility for requests, it is recommended that a transfer admission be assigned to exactly one person.
if necessary, specification of the partner systems that may access this FT profile.
details of the parameters that may be used in a request and their scope. This enables the access rights to be restricted for each person who uses this FT profile for FTP.
if necessary, details on whether and when the FT profile can be used.
a file name prefix. This prefix contains a part of the path name. The user of the profile can then only navigate below the specified path name. For example, if C:\USR\HUGO\ is specified as a file name prefix on a Unix system, the user of this profile will only be granted access to directories under the path C:\USR\HUGO\. This prevents users from accessing locked directories by entering “..”.
You can store many different FT profiles.
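The checks described above, as an added example that is not part of the original documentation and is not FTAC's own code: a small Python model in which every rejected request returns the same general message to the client while the precise cause goes only to a server-side log. Assumptions: the names Profile, SAMPLE_PROFILES and check_request, the "/"-separated file names, the sample values and the order of the checks are all hypothetical.

```python
# Illustrative model only, not FTAC code; every name here is hypothetical.
import logging
from dataclasses import dataclass

log = logging.getLogger("ftac_model")  # stands in for the server-side log record
GENERIC_ERROR = "request rejected"     # the only text a client ever sees


@dataclass(frozen=True)
class Profile:
    prefix: str                                 # file name prefix, e.g. "/home/hugo/"
    partners: frozenset = frozenset()           # empty = no partner restriction
    functions: frozenset = frozenset({"read"})  # permitted request functions
    locked: bool = False


# Constructed sample data: transfer admission -> profile.
SAMPLE_PROFILES = {
    "constructed-admission-1": Profile("/home/hugo/", frozenset({"hostA"})),
}


def _denial_reason(profile, partner, function, name):
    """Return the precise cause of a conflict, or None if the request is allowed."""
    if profile is None:
        return "unknown transfer admission"
    if profile.locked:
        return "transfer admission invalid (profile locked)"
    if profile.partners and partner not in profile.partners:
        return f"partner {partner!r} not permitted"
    if function not in profile.functions:
        return f"function {function!r} not permitted"
    if name.startswith("/") or ".." in name.split("/"):
        return f"file name {name!r} would leave the prefix"
    return None


def check_request(profiles, admission, partner, function, name):
    """Return (ok, client_message, resolved_path); the admission is never logged."""
    profile = profiles.get(admission)
    reason = _denial_reason(profile, partner, function, name)
    if reason is not None:
        log.warning("rejected: partner=%s function=%s cause=%s", partner, function, reason)
        return False, GENERIC_ERROR, None
    return True, "ok", profile.prefix + name
```

Because the four different conflicts below produce an identical client response, a caller cannot tell which profile entry caused the rejection; only the log line differs.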
The following operations can be performed on FT profiles at any time:
Modify
and thus adapt the profile to current requirements.
Lock
In this case, a request with the locked profile is rejected on account of the invalid transfer admission. If you want to use the profile again, you must first unlock the FT profile.
Delete
You should limit the number of your FT profiles by deleting profiles which you no longer need.
Privilege (system-dependent)
In special cases, FT profiles can also utilize a function that has been locked in an admission set. In order to do this, the FT profile must be assigned a privilege by the FTAC administrator.
You can also display information on your FT profiles at any time.