The FTAC administrator has the option of modifying foreign admission profiles:

• He can create admission profiles for external user IDs. No particular restrictions apply in this case.

• He can view them. The transfer admission of an admission profile is not output. This means that the FTAC administrator does not have access rights to the files of foreign user IDs.

• He can delete them. This is the most radical of all options which should only be used in extreme cases and with good reason and upon consultation with the owner of the profile.

• He can privilege them, or conversely revoke privileges, see "Administering admission profiles".

• He can also modify them. If the FTAC administrator neither possesses the necessary system administrator rights nor enters the full LOGON/login authorization of the owner of the profile, the admission profile is locked until the owner of the profile acknowledges this change by setting the transfer admission to "valid" again.

Creating admission profiles for external user IDs

There are a number of different ways in which the FTAC administrator can create an admission profile for an external user ID:

• If the FTAC administrator possesses the necessary administration permissions (see section “Role concept for administration”) then he or she can set up admission profiles for other IDs without restrictions even without knowing the current user password. In these profiles, the FTAC administrator can specify a transfer admission which can be used in FT requests immediately after being created. You should note that FTAC administrators with these administration permissions can set up corresponding admission profiles that give them access to the files of all user IDs and may therefore be able to bypass security regulations!

  The necessary administration permissions depend on the platform:

  • BS2000 systems: TSOS privilege

  • z/OS systems: SU privilege

  • Unix and Windows systems: FTAC administrator permissions

• If the FTAC administrator does not possess the necessary administration permissions, there are two possibilities:

  • He can enter the complete LOGON/login authorization (i.e. user ID, password and possibly also account number). He can then also specify a transfer admission. In this way, he creates a valid admission profile, i.e. this profile can be used immediately in file transfer and file management requests.
    However, the user's password is stored as a fixed element in this type of admission profile. If the user wants to change the password then it is also necessary to modify the admission profile.

  • He simply specifies the user ID (without password and, if applicable, account number). The profile is then created without a transfer admission, which must then subsequently be assigned by the user.

Privileging admission profiles

The procedure to follow when privileging an admission profile is simple:

1. The user creates an admission profile for the planned task

2. The FTAC administrator views the admission profile to determine if the profile presents a threat to data security.

3. If the profile will not endanger security, the FTAC administrator privileges it.