For the administration of admission profiles, openFT-AC offers the FTAC administrator the following commands:
CREATE-FT-PROFILE | create admission profile |
DELETE-FT-PROFILE | delete admission profile |
MODIFY-FT-PROFILE | modify admission profile |
SHOW-FT-PROFILE | show admission profile |
The FTAC administrator has the option of modifying foreign admission profiles:
He can view them with the command SHOW-FT-PROFILE . The transfer admission of an admission profile is not output. This means that the FTAC administrator does not have access rights to the files of foreign user IDs.
He can delete them with the command DELETE-FT-PROFILE . This is the most radical of all options which should only be used in extreme cases and with good reason and upon consultation with the owner of the profile.
He can privilege them with the command MODIFY-FT-PROFILE , or conversely revoke privileges.
He can also modify them with MODIFY-FT-PROFILE . If the FTAC neither possesses the TSOS privilege nor specifies the complete USER-ADMISSION including the account and the password of the owner of the profile then the access to the admission profile will be blocked until the owner of the profile acknowledges these modifications by resetting the transfer admission to “valid”, for example with MODIFY-FT-PROFILE <profile> TRANSFER-ADMISSION=*OLD-ADMISSION(VALID=*YES).
Privileging admission profiles
In exceptional cases, the FT user can use a privileged admission profile to disregard the specifications of own admission profile. Exceptional cases where this is allowed include:
if a particular file needs to be transferred,
if follow-up processing is not permitted or severely restricted,
if a partner system with a higher security level is permitted to carry out file transfers with the user ID, but others with lower security levels are not.
The user ID protection is maintained in this case, by the fact that only very restricted access is permitted into the admission profile.
The procedure to follow when privileging an admission profile is simple:
The user creates an admission profile for the planned task with the command CREATE- FT-PROFILE .
The FTAC administrator views the admission profile with the command SHOW-FT- PROFILE to determine if the profile presents a threat to data security.
Example
/SHOW-FT-PROFILE NAME=PROFPROD,SELECT-PARAMETER=(OWNER-IDENTIFICATION=STEVEN),INFORMATION=*ALLShort form:
/SHOW-FT-PROF PROFPROD,SEL=(,STEVEN),INF=*ALLThe output has the following form:
%PROFPROD% IGN-MAX-LEV = (IBR)% FILE-NAME= PROFIT
% USER-ADM= (STEVEN,M4711DON,OWN)% PROC-ADM= SAME% FT-FUNCTION = (TRANSFER-FILE, MODIFY-FILE-ATTRIBUTES,READ-FILE-DIRECTORY)% LAST-MODIF= 2017-01-15 08:24:49The first line of the output shows the name of the admission profile, the second line the values which STEVEN has set in the command CREATE-FT-PROFILE or which are determined by the default values, if Steven doesn’t set them himself.
If the profile will not endanger security, the FTAC administrator privileges it with the help of the command MODIFY-FT-PROFILE.
Example
/MODIFY-FT-PROFILE NAME=PROFPROD,SELECT-PARAMETER=(OWNER-IDENTIFICATION=STEVEN),PRIVILEGED=*YES
In a privileged admission profile, only the transfer admission and the parameter PRIVI- LEGED may be modified by the user. This prevents the misuse of any profiles, once privileged.