Authorization of the FTAC administrator
It is recommended that the authorization to administer FTAC be given to those users in the system who are responsible for data protection in an z/OS system, since they are the best placed to know what protection measures are required where.
The FTAC administrators of an openFT instance are defined in the FTACADM member of the PARM parameter library (see section “Structure of the PARM member”).
Adapting the default admission set
After the installation of FTAC, all values of the default admission set are set at 0!
This means that it is not yet possible to execute a file transfer with the local openFT instance. This is because as long as no other admission sets are made with FTMODADS, the default admission set is valid for all user IDs. The maximum security level 0 for the basic functions means that these basic functions may not be used. An FTAC administrator must therefore use the command FTMODADS to raise the values of the default admission set.
Examples
All partner systems should be accessible for file transfer for all FTAC users. This is achieved by setting all the values of the default admission set to100. The following command is used:
FTMODADS *STD,MAX-LEV=100More information on the command FTMODADS can be found in the manual "openFT (z/OS) - Command Interface".
A differentiated setting of the default admission set might look as follows:
FTMODADS USER-IDENTIFICATION=*STD, - MAX-LEVELS=(OUTBOUND-SEND=50,OUTBOUND-RECEIVE=50, - INBOUND-SEND=20,INBOUND-RECEIVE=20, - INBOUND-PROCESSING=10,INBOUND-MANAGEMENT=0)The different security levels are assigned selectively. For example, the function "inbound management" can be fully blocked by setting the security level to 0.
Note that FTAC is only effective for connected products such as openFT. If other file transfer products without an openFT-AC connection are also being used, a more comprehensive and coordinated security concept would be advisable.