When FTAC is used, the transfer admission check for file transfer and file management requests is carried out when the request is checked by FTAC, independent of whether the request contains a LOGON ID (user ID, account number, password) or a TRANSFER-ADMISSION defined in a user profile. In the latter case, FTAC reads the information required for the check (i.e. the LOGON ID consisting of user ID, account number, password) from the relevant profile. Like openFT, FTAC performs the transfer admission check using RACF calls or compares the entries with the information contained in the SYS1.UADS system file.
If FTAC is not used, openFT itself checks the transfer admission using the LOGON ID (user ID, account number, password) contained in the request.
The user must provide evidence of his or her transfer admission in TRANSFER-ADMISSION. The check sequence for transfer admission (TRANSFER-ADMISSION) is the same as for checking the admission for follow-up processing (PROCESSING-ADMISSION, see section “Checking authorization for follow-up processing”); so both cases are treated the same.
Checking the user ID and password
openFT first uses the RACROUTE macro to check whether the user ID specified in the NCOPY command for the TRANSFER-ADMISSION or the PROCESSING-ADMISSION is valid and whether the associated user password, if any, is correct. (The RACROUTE macro makes use of the RACF macro RACINIT for this purpose.) If the result of this check is negative, the transfer request is rejected and an error message is issued.
If the return code from the RACROUTE macro indicates that neither RACF nor a compatible product (ACF-2, TOP-SECRET) is installed and active, openFT attempts to check the user ID and the associated password using the SYS1.UADS data set.
If the SYS1.UADS data set is also unavailable, no transfer request is processed and an error message is issued.
Checking the account number
openFT takes the account number from the user's specification in the NCOPY parameter ACCOUNT (TRANSFER-ADMISSION or PROCESSING-ADMISSION). If "accounting information" is specified here, openFT extracts the account number from this information. Any "(" and/or " ' " characters at the start of this specification are removed. The string is then searched for the first comma ",". If a comma is found, all characters preceding this comma are interpreted as the account number. If, however, one of the characters ")" or " ' " is found first, all characters preceding this character are interpreted as the account number. If none of the characters "," or ")" or " ' " are found, the entire string is interpreted as the account number.
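The extraction rule above can be modelled as a small parser. This is an added example, not openFT's own code; the function name extract_account_number and the sample specifications are constructed for illustration. Note that the rule as written does not trim blanks and yields an empty account number when a delimiter comes first.

```python
def extract_account_number(accounting_info: str) -> str:
    """Model of the extraction rule described above (hypothetical helper)."""
    # Step 1: remove any "(" and/or "'" characters at the start.
    s = accounting_info.lstrip("('")
    # Step 2: the account number ends at the first ",", ")" or "'".
    # If none of these occurs, the whole remaining string is the account number.
    for i, ch in enumerate(s):
        if ch in ",)'":
            return s[:i]
    return s


# Constructed sample specifications mapped to the account number the rule yields.
SAMPLES = {
    "(ACCT01,DEPT7)": "ACCT01",   # comma found first
    "'ACCT01'": "ACCT01",         # closing quote found first
    "('ACCT01',X)": "ACCT01",     # leading "(" and "'" both removed
    "(ACCT01)": "ACCT01",         # ")" found first
    "ACCT01": "ACCT01",           # no delimiter: entire string
    "ACCT 01,X": "ACCT 01",       # embedded blank is kept
    "(,DEPT7)": "",               # delimiter first: empty account number
}


def run_samples() -> dict:
    """Apply the parser to every constructed sample."""
    return {spec: extract_account_number(spec) for spec in SAMPLES}


if __name__ == "__main__":
    for spec, got in run_samples().items():
        print(f"{spec!r:18} -> {got!r}")
```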
If the SYS1.UADS data set is available, openFT checks the account number against the entry that corresponds to the user ID in this file. If the account number is not entered here, the transfer request is rejected and an error message is issued. If the SYS1.UADS data set is available and no account number is specified in the corresponding operand of the NCOPY command (TRANSFER-ADMISSION or PROCESSING-ADMISSION), no check is performed on the account number.
If the SYS1.UADS data set is not available, openFT checks whether RACF (or compatible product) is active and whether the RACF resource class ACCTNUM is active. If this is the case, openFT checks the account number using RACF. If an account number is specified in the corresponding operand of the NCOPY command (TRANSFER-ADMISSION or PROCESSING-ADMISSION), this is used for checking purposes. However, if no account number is specified, openFT looks for the "TSO default account number" in the "TSO segment" (see section “Checking the transfer admission”) of the user-specific data relating to the user ID in the ACF database. (The RACROUTE macro uses the RACF macro RACXRTR for this purpose.) If this database contains a value with a maximum length of 40 characters, it is used for checking purposes. However, if it is still not possible to find an account number specification, a "pseudo account number" consisting of 40 "@" characters is used.
The RACROUTE macro uses the RACF macro RACHECK to perform an RACF check of the account number.
If the SYS1.UADS data set is not available and RACF is active, but the RACF resource class ACCTNUM is not active, no default account number is allocated and no account number check is performed.
If the SYS1.UADS data set is not available and RACF is not active, then the transfer request was rejected with an error message when the user ID and password were checked (see above).
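The following added example models the decision sequence described above, so that an administrator can see which installation states lead to no account number check at all. It is not openFT's own code; the Environment class, the account_check function and the result labels are hypothetical names chosen for this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PSEUDO_ACCOUNT = "@" * 40  # the "pseudo account number" described above


@dataclass
class Environment:  # hypothetical model of the installation state
    uads_available: bool
    racf_active: bool
    acctnum_class_active: bool


def account_check(env: Environment, supplied: Optional[str],
                  tso_default: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (checker, account): checker is UADS, RACF, NONE or REJECTED."""
    if env.uads_available:
        # Checked against the UADS entry for the user ID; skipped
        # entirely when the request carries no account number.
        return ("UADS", supplied) if supplied else ("NONE", None)
    if not env.racf_active:
        # Request was already rejected at the user ID / password check.
        return ("REJECTED", None)
    if not env.acctnum_class_active:
        return ("NONE", None)  # no default allocated, no check performed
    if supplied:
        return ("RACF", supplied)
    if tso_default and len(tso_default) <= 40:
        return ("RACF", tso_default)  # TSO default account number
    return ("RACF", PSEUDO_ACCOUNT)


if __name__ == "__main__":
    # Constructed cases: every state, request without an account number.
    for uads in (True, False):
        for racf in (True, False):
            for acct in (True, False):
                env = Environment(uads, racf, acct)
                print(env, "->", account_check(env, None)[0])
```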
A computer center can thus ensure that transfer requests are processed without the user having to specify an account number in the NCOPY command. To this end, the following steps must be taken:
SYS1.UADS data set available: no further steps necessary.
SYS1.UADS data set not available, RACF resource class ACCTNUM inactive: no further steps necessary.
SYS1.UADS data set not available, RACF resource class ACCTNUM active:
In this case there are two possibilities:
If omission of the account number will cause openFT to use the default account number of the user ID specified in TRANSFER-ADMISSION or PROCESSING-ADMISSION, then no further steps are necessary. The RACF database must contain a default account number for each relevant user ID.
If no default account numbers are used and you do not want openFT to check the account numbers of selected users, you must ensure that the above-mentioned "pseudo account number" (40 "@" characters) is entered in RACF (resource class ACCTNUM), and that only these selected users are authorized to use this "pseudo account number". These users may not then make any specification in the ACCOUNT parameter of the NCOPY command.
Notes on the TSO segment
If file transfer requests are initiated from a user ID that does not have a TSO segment or for which there is no standard account information, then the local TRANSFER-ADMISSION together with the user ID and account (without user password) must be specified in the NCOPY/FTACOPY/FTSCOPY command. It is not possible to call the FTEXEC and FTADM commands from IDs without a TSO segment. If this restriction is not respected, the request is rejected with the message FTR2047.