Note on usage

Function: Create admission profile

User group: FTAC user and FTAC administrator

A prerequisite for using this command is the use of openFT-AC.

Functional description

All FTAC users can use CREATE-FT-PROFILE to set up their own admission profiles under their user IDs. Users must activate admission profiles predefined by the FTAC administrator with MODIFY-FT-PROFILE before they can be used. Profiles predefined by the FTAC administrator may be used immediately if the FTAC administrator also possesses the TSOS privilege.

The FTAC administrator can use CREATE-FT-PROFILE to create admission profiles for each user. It is necessary to distinguish between three cases:

• The FTAC administrator possesses the TSOS privilege. He/She can then create profiles for other user IDs without restriction which are available for immediate use if they are complete. If the FTAC administrator specifies *NOT-SPECIFIED for ACCOUNT or PASSWORD in the USER-ADMISSION operand, the profiles are not locked, but they cannot be used, either.

• If the FTAC administrator does not possess the TSOS privilege but specifies ACCOUNT and PASSWORD in the USER-ADMISSION parameter, then he/she may also assign a TRANSFER-ADMISSION for the profile. However, this functions only for as long as the current password for the user ID corresponds to the one defined in the profile.

• If the FTAC administrator does not possess the TSOS privilege and also does not specify the user’s account number and password, then he/she may not define any TRANSFER-ADMISSION in the profile. In this case, the user must then assign the profile a TRANSFER-ADMISSION with the MODIFY-FT-PROFILE command, and the specifications for the USER-ADMISSION must, if necessary, be complemented.

  Example

  The FTAC administrator creates an admission profile for user USER1. In doing so he/she specifies only the user ID for the USER-ADMISSION, but not the account number and password. In this case the FTAC administrator may also not specify a TRANSFER-ADMISSION.

  CR-FT-PROF NAME=HISPROF2,TRANS-ADM=*NOT-SPECIFIED, -

  USER-ADM=(USER1,*NOT-SPECIFIED,*NOT-SPECIFIED)

• It is possible to create an admission profile for "preprocessing" or "postprocessing". To do this, the FILE-NAME operand must start with the pipe symbol '|'. After this has been done, one or more BS2000 commands can be specified. For detailed information refer to the section “Preprocessing and postprocessing”.

Format

Operands

NAME = <alphanum-name 1..8>

With NAME, the admission profile is given a name. This name must be unique among all admission profiles on this user ID on the user ID specified in USER-ADM. If an admission profile with this name already exists, FTAC rejects the command with the message:

FTC0100 FT profile already exists

The command SHOW-FT-PROFILE can be used to view the already existing names. To obtain this information, the command SHOW-FT-PROFILE can be entered without operands and a user ID must be specified.

NAME = *STD
Creates a standard admission profile for the user ID. You must specify *NOT-SPECIFIED as the transfer admission, because a standard admission profile in a request is addressed using the user ID and password. You must not specify the parameters VALID, USAGE and EXPIRATION-DATE for a standard admission profile.

PASSWORD =
FTAC password which authorizes you to issue FTAC commands on your user ID, if such a password was defined in your admission set.

PASSWORD = *NONE
No FTAC password is required.

PASSWORD = <c-string 1..8 with-low> / <x-string 1..16>
This FTAC password is required.

PASSWORD = *SECRET
The system prompts you to input the password. However, the password does not appear on the screen.

TRANSFER-ADMISSION =
With TRANSFER-ADMISSION, you define the transfer admission. If this transfer admission is entered in an FT request instead of the LOGON authorization, then the access rights are valid which are defined in this admission profile. This transfer admission must be unique in the entire openFT system, so that there is no conflict with other transfer admissions which other FTAC users have defined for other access rights. When the transfer admission which you have selected has already been used, then FTAC rejects the command with the message:

FTC0101 Transfer admission already exists

The FTAC administrator can also assign a transfer admission when he/she creates an admission profile for a user ID. If the FTAC administrator possesses no TSOS admission, he/she must also enter the complete USER-ADMISSION for the user ID in question (USER-IDENTIFICATION, ACCOUNT and PASSWORD).

TRANSFER-ADMISSION = *NOT-SPECIFIED

This entry is used to set up a profile without transfer admission. If the profile is not a standard admission profile, it is locked until you specify a valid transfer admission or the owner specifies a valid transfer admission.

TRANSFER-ADMISSION = <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...)
The character string must be entered as the transfer admission in the transfer request. The alphanumeric entry is always stored in lower-case letters.

VALID = *YES
The transfer admission is valid.

VALID = *NO
The transfer admission is not valid. With this entry, users can be denied access to the profile.

USAGE = *PRIVATE
Access to your profile is denied for security reasons, when someone with another user ID attempts a second time to specify the TRANSFER ADMISSION which has already been used by you.

USAGE = *PUBLIC
Access to your profile is not denied if another user happens to “discover” your TRANSFER-ADMISSION. “Discovery” means that another user ID attempted to specify the same TRANSFER ADMISSION twice. This is rejected for uniqueness reasons.

EXPIRATION-DATE = *NOT-RESTRICTED
The use of this transfer admission is not restricted with respect to time.

EXPIRATION-DATE = <date 8..10>
Date in the format yyyy-mm-dd or yy-mm-dd, e.g. 2017-12-31 or 17-12-31 for December 31, 2017. The use of the transfer admission is only possible until the given date.

TRANSFER-ADMISSION = *SECRET
The system prompts you to input the transfer admission. However, this does not appear on the screen. The operands VALID, USAGE and EXPIRATION-DATE can also be secretly entered in this case.

PRIVILEGED =
The FTAC administrator can privilege the profile. FT requests which are processed with a privileged admission profile are not subject to the restrictions which are set for MAX-ADM-LEVEL (see section “Output of SHOW-FT-ADMISSION-SET”) in the admission set.

PRIVILEGED = *NO
The admission profile is not privileged. As FTAC user you can omit this parameter, because you only can specify *NO.

PRIVILEGED = *YES

The admission profile is privileged.
Only the FTAC administrator can use this entry.

IGNORE-MAX-LEVELS =
You can determine for which of the six basic functions the restrictions of the admission set should be ignored. The user’s MAX-USER-LEVELS can be exceeded in this way. The MAX-ADM-LEVELS in the admission set can only be effectively exceeded with an admission profile which has been designated as privileged by the FTAC administrator. The FTAC user can set up an admission profile for himself/herself for special tasks (e.g. sending a certain file to a partner system with which he/she normally is not allowed to conduct a file transfer), which allows him/her to exceed the admission set. This profile must be explicitly given privileged status by the FTAC administrator.
If you enter IGNORE-MAX-LEVELS=*YES, the settings for all the basic functions are ignored. If you wish to ignore the admission set for specific basic functions, you need to do this with the operands explained later in the text.
The following table shows which partial components of the file management can be used under which conditions:

IGNORE-MAX-LEVELS = *NO
FT requests which are processed with the admission profile are subject to the restrictions of the admission set.

IGNORE-MAX-LEVELS = *YES
*YES allows you to communicate with partner systems whose security level exceeds the specifications of the admission set. Unless you have a privileged profile, you can only exceed the MAX-USER-LEVELS and not the MAX-ADM-LEVELS in the admission set. You must respect the restrictions defined in the admission set by the FTAC administrator. The SHOW-FT-ADMISSION-SET command provides information on the entries made by the FTAC administrator (see example in section “Output of SHOW-FT-ADMISSION-SET”).

This includes information about the current MAX-USER-LEVELS and MAX-ADM-LEVELS settings.

IGNORE-MAX-LEVELS = *PARAMETERS(...)
The following operands can be used to selectively deactivate the default settings for the individual basic functions.

OUTBOUND-SEND = *NO
The maximum security level which can be reached with the basic function “outbound send” is determined by the admission set.

OUTBOUND-SEND = *YES
For the basic function “outbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.

OUTBOUND-RECEIVE = *NO
The maximum security level which can be reached with the basic function “outbound receive” is determined by the admission set.

OUTBOUND-RECEIVE = *YES
For the basic function “outbound receive”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.

INBOUND-SEND = *NO
The maximum security level which can be reached with the basic function “inbound send” is determined by the admission set.

INBOUND-SEND = *YES
For the basic function “inbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The same applies to the partial component “display file attributes” of the basic function “inbound file management”.

INBOUND-RECEIVE = *NO
The maximum security level which can be reached with the basic function “inbound receive” is determined by the admission set.

INBOUND-RECEIVE = *YES
You can disregard your settings for “inbound receive” in the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The same applies to the partial components of the basic function “inbound file management”:

INBOUND-PROCESSING = *NO

The maximum security level which can be reached with the basic function “inbound follow-up processing” is determined by the admission set.

INBOUND-PROCESSING = *YES
For the basic function “inbound follow-up processing”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.

INBOUND-MANAGEMENT = *NO
The maximum security level which can be reached with the basic function “inbound file management” is determined by the admission set.

INBOUND-MANAGEMENT = *YES
For the basic function “inbound file management”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The partial component “modify file attributes” of the basic function “inbound file management” only functions if the basic function “inbound receive” was admitted in the admission set or admission profile.

USER-ADMISSION =
USER-ADMISSION specifies the user ID under which the profile is saved. FT requests which work with this admission profile access the given user ID in the local system.
As FTAC user you can specify only your own user ID here.
If, as FTAC administrator, you create the admission profile for a user, you cannot generally specify neither ACCOUNT nor PASSWORD in the USER-ADMISSION operand (since these should be known only to the user in question). These specifications must be entered by the user by means of MODIFY-FT-PROFILE before the profile can actually be used.
As FTAC administrator you can create a profile which is available for immediate use, i.e. a profile with the TRANSFER-ADMISSION defined, only if you specify the USER-ADMISSION with ACCOUNT and PASSWORD or if you also possess the TSOS privilege. For ACCOUNT= you can also specify *FIRST or *NONE.

USER-ADMISSION = *OWN
For USER-IDENTIFICATION and ACCOUNT, the specifications are taken from the current LOGON authorization. A possible BS2000 password is only taken from your LOGON authorization when an FT request accesses the admission profile. This specification consequently generates a profile in the current user ID.

USER-ADMISSION = *PARAMETERS(...)
Specifies the individual components of the user ID.
This allows you to keep FT requests which use this admission profile under an account number other than the current one, for example. Or, a password can be set in the admission profile. FT requests which use this admission profile will then only function if the current LOGON password corresponds to the preset password.

USER-IDENTIFICATION =

User ID in BS2000.

USER-IDENTIFICATION = *OWN
The user ID is taken from the current LOGON authorization.

USER-IDENTIFICATION = <name 1..8>
User ID to which the profile should belong. As FTAC administrator you may also specify foreign user IDs. As an FTAC user you can only specify your own user ID; the specification corresponds to *OWN.

ACCOUNT =
Account number under which an FT request is to be kept when it uses this admission profile.

ACCOUNT = *OWN
The account number is taken from the current LOGON authorization.

ACCOUNT = *FIRST
The first account number assigned to the home pubset of the specified USER-IDENTIFICATION at the time the profile is used in the system is used for account assignment in the case of transfer requests. If the ID’s account number changes, the profile does not have to be modified.

ACCOUNT = *NOT-SPECIFIED
No account number is defined.
The account number is first entered by the owner of the admission profile. This function allows the FTAC administrator to create profiles for foreign user IDs whose account number he/she does not know.

ACCOUNT = *NONE
The account number is used which is defined as the default account number of the user ID specified in the USER-IDENTIFICATION at the time the admission profile is used.

ACCOUNT = <alphanum-name 1..8>
An FT request should be kept under the account number specified when it accesses this admission profile. You can enter any account number which belongs to the user ID specified in the USER-IDENTIFICATION.

PASSWORD =
BS2000 password which an FT request should use when it works with this admission profile.

PASSWORD = *OWN
When an FT request refers to this admission profile, FTAC uses the BS2000 password valid for the specified USER-IDENTIFICATION at that moment. This prevents you from having to modify the admission profile if the BS2000 password is changed.

PASSWORD = *NOT-SPECIFIED

The password will be entered by the owner of the admission profile. This function allows the FTAC administrator to create profiles for foreign user IDs whose access data he/she does not know.

PASSWORD = *NONE
No password is required for the user ID specified in the USER-IDENTIFICATION.

PASSWORD = <c-string 1..8> / <c-string 9..32> / <x-string 1..16>
When an FT request accesses the admission profile, the password specified is compared with the current LOGON password. If the two do not correspond, the FT request is rejected.

PASSWORD = *SECRET
The system prompts you to enter the password. The entry does not appear on the screen.

INITIATOR =
Determines if initiators from local and/or remote systems are permitted to use this admission profile for their FT requests.

INITIATOR = ( *LOCAL,*REMOTE )
This admission profile may be used by initiators from local and remote systems.

INITIATOR = *REMOTE
This admission profile may only be used for FT requests by initiators from remote systems.

INITIATOR = *LOCAL
This admission profile may only be used for FT requests by initiators from the local system.

TRANSFER-DIRECTION =
Determines which transfer direction may be used with this admission profile. The transfer direction is always determined from the system in which the admission profile was defined.

TRANSFER-DIRECTION = *NOT-RESTRICTED
With this admission profile, files can be transferred to and from a partner system.

TRANSFER-DIRECTION = *FROM-PARTNER
With this admission profile, files can only be transferred from a partner system to your system. It is not possible to display file attributes/directories (partial components of “inbound file management”).

TRANSFER-DIRECTION = *TO-PARTNER
With this admission profile, files can only be transferred from your system to a partner system. It is not possible to modify file attributes or delete files (partial components of “inbound file management”).

PARTNER =
Specifies that this admission profile is to be used only for FT requests which are processed by a certain partner system.

PARTNER = *NOT-RESTRICTED

The range of use for this admission profile is not restricted to FT requests with certain partner systems.

PARTNER = list-poss(50): <text 1..200 with-low>
The admission profile only permits those FT requests which are processed with the specified partner systems. A maximum of 50 partner names can be specified. The total length of all the partners may not exceed 1000 characters. You may specify the name from the partner list or the address of the partner system, see also section “Specifying partneraddresses”. It is recommended, to use the name from the partner list. The format shown in the long form of the logging output provides an indication of how a partner address should be entered in an FTAC profile.

MAX-PARTNER-LEVEL =
A maximum security level can be specified. The admission profile will then only permit those FT requests which are processed with partner systems which have this security level or lower.
MAX-PARTNER-LEVEL works in conjunction with the admission set. When non-privileged admission profiles are used, the access check is executed on the basis of the smallest specified value.

MAX-PARTNER-LEVEL = *NOT-RESTRICTED
If FT requests are processed with this admission profile, then the highest accessible security level is determined by the admission set.

MAX-PARTNER-LEVEL = <integer 0..100>
All partner systems which have this security level or lower can be communicated with.

FILE-NAME =
Determines which files or library members under your user ID may be accessed by FT requests that use this admission profile.

FILE-NAME = *NOT-RESTRICTED
Permits unrestricted access to all files and library members of the user ID.

FILE-NAME = <filename 1..54> / <c-string 1..512 with-low> /
*POSIX(NAME = <posix-pathname 1..510>)
Only the specified file may be accessed. However, openFT is also able to generate unique filenames automatically, thus providing an easy way of avoiding conflicts. This is done by specifying the string %UNIQUE at the end of the filename which is predefined here. When follow-up processing is specified, this file can be referenced with %FILENAME.
You can also directly specify file transfer with file preprocessing or postprocessing here by entering a pipe symbol ’|’ followed by a command.

FILE-NAME = *EXPANSION(PREFIX = <filename 1..53> / <partial-filename 2..53> / <cstring 1..511 with-low>)

Restricts access to a number of files which all begin with the same prefix. If a filename is entered in an FT request which works with this admission profile, FTAC sets the prefix defined with EXPANSION in front of this filename. The FT request is then permitted to access the file PrefixFilename.

Example

• PREFIX=JACK.; an FT request in which FILE-NAME=BOERSE is specified, then accesses the file JACK.BOERSE.

Please note that the part of a DVS filename which is specified in the file transfer command still has to be of the type <filename>.

If you want to perform file transfer with pre- or postprocessing, you should indicate this by entering the pipe symbol ‘|’ at the start of the prefix. The created FTAC profile can then be used only for file transfer with pre- or postprocessing since the file name that is generated also starts with a ‘|’. The variable %TEMPFILE can also be used in the filename prefix. You can find detailed information on preprocessing and postprocessing in the section section“Preprocessing and postprocessing”.

The maximum length of the entire pre- or postprocessing command is limited to the maximum length of the file name. If several commands are specified, then they must be separated by a semicolon (‘;’).
There must not be a space between the semicolon and the slash.

Example

FILE-NAME = C‘|/Command1;/Command2;/Command3; ...‘

If you specify a name prefix that starts with a pipe character with *EXP(PREFIX=...), the preprocessing or postprocessing command of the FT request must not contain any semicolons. If the preprocessing or postprocessing command nevertheless contains semicolons, it must be enclosed in '...' (single quotes) or "..." (double quotes).

Special cases

• A file name or file name prefix that begins with the string '|ftexecsv' must be specified for admission profiles that are to be exclusively used for the ftexec command (see example 3).

• Specify the file name prefix '|*ftmonitor' for admission profiles that are exclusively used for monitoring. A profile of this sort can then be used in the openFT Monitor or in an ft or ncopy command from a Windows or Unix system (see example 2).

FILE-NAME = *LIBRARY-ELEMENT(...)
Determines which of your libraries and library members may be accessed by FT requests which use this admission profile.

LIBRARY =

Defines which libraries may be accessed with this admission profile.

LIBRARY = *NOT-RESTRICTED
The admission profile does not restrict access to libraries.

LIBRARY = <filename 1..54>
Only this library may be accessed.

LIBRARY = *EXPANSION(PREFIX = <filename 1..53> / <partial-filename 2..53>)
Only those libraries may be accessed which begin with the specified prefix. FTAC sets the prefix in front of a library name in an FT request which works with this admission profile, and then permits access to the library Prefix-Libraryname.

ELEMENT =
Determines which library members may be accessed with this admission profile.

ELEMENT = *NOT-RESTRICTED
Permits unrestricted access to library members.

ELEMENT = <composed-name 1..64 with-under>(...)Permits access to the specified library member.

VERSION =
Access is only permitted for a specific version of the library member.

VERSION = *STD
Permits access only to the highest version of the library member.

VERSION = <text 1..24>
Access is only permitted for this version of the library member.

ELEMENT = *EXPANSION(PREFIX = <partial-filename 2..63> /
<composed-name 1..63 with-under)
Defines a prefix. When a name for a library member is specified in an FT request which works with this admission profile, FTAC adds the specified prefix to this member name. The admission profile then permits access to this member with the name PrefixMembername.

TYPE =
Specifies a certain type of library member. The admission profile then only permits access to library members of this type.

TYPE = *NOT-RESTRICTED
Access is not restricted to a certain type of library member.

TYPE = <name 1..8>
FT requests which work with this admission profile may only access library members of this type.

FILE-PASSWORD =

You can enter a password for files into the admission profile. The FTAC functionality then only permits access to files which are protected with this password and to unprotected files. When a FILE-PASSWORD is specified in an admission profile, the password may no longer be specified in an FT request which uses this admission profile. This allows you to permit access to certain files to users in remote systems, without having to give away the file passwords.

FILE-PASSWORD = *NOT-RESTRICTED
Permits access to all files. If a password is set for a file, then it must be specified in the transfer request.

FILE-PASSWORD = *NONE
Only permits access to files without file passwords.

FILE-PASSWORD = <c-string 1..4> / <x-string 1..8> /
<integer -2147483648..2147483647>
Only permits access to files which are protected with the password specified and to unprotected files. The password which has already been specified in the profile may not be repeated in the transfer request. PASSWORD=*NONE would be entered in this case!

FILE-PASSWORD = *SECRET
The system prompts you to enter the password. However, the password does not appear on the screen.

PROCESSING-ADMISSION =
You can enter a user ID in your BS2000 system . Any follow-up processing of an FT request will be executed under this user ID. With PROCESSING-ADMISSION in the admission profile, you do not need to disclose your LOGON authorization to partner systems for followup processing.

PROCESSING-ADMISSION = *SAME
For the PROCESSING-ADMISSION, the values of the USER-ADMISSION are used. If *SAME is entered here, then any FT request which uses this profile must also contain PROCESSING-ADMISSION=*SAME or PROCESSING-ADMISSION=*NOT-SPECIFIED.

PROCESSING-ADMISSION = *NOT-RESTRICTED
FT requests which use this admission profile may contain any PROCESSING-ADMISSION. If you wish to perform follow-up processing with FTAM partners, PROCESSING-ADMISSION must have a value other than *NOT-RESTRICTED.

PROCESSING-ADMISSION = *PARAMETERS(...)
You can also enter the individual components of the user ID. This allows you to keep
FT requests which use this admission profile under a different account number, for example. Or, a password can be set in the admission profile. FT requests which use this admission profile will then only function if their current LOGON password corresponds to the pre-set password.

USER-IDENTIFICATION =

Identifies the user ID under which the follow-up processing is to be executed.

USER-IDENTIFICATION = *SAME
The USER-IDENTIFICATION is taken from the USER-ADMISSION.

USER-IDENTIFICATION = *NOT-RESTRICTED
The admission profile does not restrict the user ID for the follow-up processing.

USER-IDENTIFICATION = <name 1..8>
FT requests which are processed with this admission profile are only permitted followup processing under this user ID. If another user ID is entered here, the parameter PASSWORD must also be entered. PASSWORD=*SAME is then not valid.

ACCOUNT =
Account number for the follow-up processing.

ACCOUNT = *SAME
The account number is taken from the USER-ADMISSION.

ACCOUNT = *NOT-RESTRICTED
Account number in FT requests which work with the admission profile. The admission profile does not restrict the account with regard to follow-up processing.

ACCOUNT = *NONE
The account number is used which is defined as the default account number of the user ID specified in the USER-IDENTIFICATION at the time the admission profile is used.

ACCOUNT = <alphanum-name 1..8>
Follow-up processing is to be settled under this account number.

PASSWORD =
You specify, where applicable, the BS2000 password for the user ID specified in the USER-IDENTIFICATION under which the follow-up processing is to be executed. Here, you can enter a PASSWORD when the user ID in question doesn’t have such a password (yet).

PASSWORD = *SAME
The value *SAME is only valid if the PROCESSING-ADMISSION refers to your own user ID. If PASSWORD=*OWN is entered on USER-ADMISSION, then the password valid at the time of the request is used for the PROCESSING-ADMISSION.
The entry *SAME is only possible here if the follow-up processing is not started with the /ENTER command.

PASSWORD = *NOT-RESTRICTED
Specifies the password in FT requests which work with the admission profile. The admission profile does not restrict the password with regard to follow-up processing.

PASSWORD = *NONE

FT requests which use this admission profile can only initiate follow-up processing on user IDs without a password.

PASSWORD = <c-string 1..8> / <c-string 9..32> / <x-string 1..16>
FT requests which use this admission profile may only initiate follow-up processing on user IDs which are protected with this password.

PASSWORD = *SECRET
The system prompts you to enter the password. The entry does not appear on the screen.

SUCCESS-PROCESSING =
Restricts the follow-up processing which an FT request is permitted to initiate in your system after a successful data transfer.

SUCCESS-PROCESSING = *NOT-RESTRICTED
In FT requests which use this admission profile the operand SUCCESS-PROCESSING may be used without restriction.

SUCCESS-PROCESSING = *NONE
The admission profile does not permit follow-up processing after successful data transfer.

SUCCESS-PROCESSING = <c-string 1..1000 with-low>
Commands which are executed in the local system after successful data transfer. Individual commands must be preceded by a slash (/).
The individual commands must be separated by a semicolon (;). If a character string is enclosed by single or double quotes (’ or ”) within a command sequence, openFT does not interpret any semicolons within this character string as a separator.

SUCCESS-PROCESSING = *EXPANSION(...)
If a SUCCESS-PROCESSING was specified in an FT request which uses this admission profile, FTAC adds the prefix or suffix specified here to this command. As follow-up processing, the command which has been thus expanded is then executed.

If a suffix or prefix is defined at this point, then no command sequence for the follow-up processing may be specified in FT requests which use this admission profile. This makes the setting of prefixes and suffixes mandatory.

PREFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a prefix.

PREFIX = <c-string 1..999 with-low>
The specified prefix is set in front of a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the prefix is executed as follow-up processing.

SUFFIX = *NOT-RESTRICTED
The follow-up processing is not restricted by a suffix.

SUFFIX = <c-string 1..999 with-low>

The specified suffix is added to a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the suffix is executed as follow-up processing.

Example

If PREFIX=’/PRINT-FILE ’ is defined and SUCC=’filename’ specified in the FT request, then FT executes the command “/PRINT-FILE filename” as follow-up processing.

FAILURE-PROCESSING =
Restricts the follow-up processing which an FT request is permitted to initiate in your system after a failed data transfer.

FAILURE-PROCESSING = *NOT-RESTRICTED
In FT requests which use this admission profile the operand FAILURE-PROCESSING may be used without restriction.

FAILURE-PROCESSING = *NONE
The admission profile does not permit follow-up processing after failed data transfer.

FAILURE-PROCESSING = <c-string 1..1000 with-low>
Commands which are executed in the local system after failed data transfer.
Individual commands must be preceded by a slash (/).
The individual commands must be separated by a semicolon (;). If a character string is enclosed by single or double quotes (’ or ”) within a command sequence, openFT does not interpret any semicolons within this character string as a separator.

FAILURE-PROCESSING = *EXPANSION(...)
If a FAILURE-PROCESSING was specified in an FT request which uses this admission profile, FTAC adds the prefix or suffix specified here to this command. As follow-up processing, the command which has been thus expanded is then executed.

If a suffix or prefix is defined at this point, then no command sequence for the follow-up processing may be specified in FT requests which use this admission profile. This makes the setting of prefixes and suffixes mandatory.

PREFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a prefix.

PREFIX = <c-string 1..999 with-low>
The specified prefix is set in front of a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the prefix is executed as follow-up processing.

SUFFIX = *NOT-RESTRICTED
The follow-up processing is not restricted by a suffix.

SUFFIX = <c-string 1..999 with-low>

The specified suffix is added to a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the suffix is executed as follow-up processing.

WRITE-MODE =
Determines the WRITE-MODE specification which is valid for this FT request. WRITE-MODE is only effective if the receive file is in the same system as the admission profile definition.

WRITE-MODE = *NOT-RESTRICTED
In an FT request which accesses this admission profile, the operand WRITE-MODE may be used without restrictions.

WRITE-MODE = *NEW-FILE
In the FT request, *NEW-FILE, *REPLACE-FILE or *EXTEND-FILE may be entered for WRITE-MODE. If the receive file already exists, the transfer will be rejected.

WRITE-MODE = *REPLACE-FILE
In the FT request of openFT or FTAM partners, only *REPLACE-FILE or *EXTEND-FILE may be entered for WRITE-MODE. With ftp partners, *NEW-FILE may also be entered if the file does not yet exist.

WRITE-MODE = *EXTEND-FILE
In the FT request, only *EXTEND-FILE may be entered for WRITE-MODE.

FT-FUNCTION =
Permits the restriction of the profile validity to certain FT functions (=file transfer and file management functions).

FT-FUNCTION = *NOT-RESTRICTED
The full scope of FT functions is available. For reasons of compatibility, the specification NOT-RESTRICTED means that FILE-PROCESSING and REMOTE-ADMINISTRATION are not permitted! All other functions are permitted if this value is specified.

FT-FUNCTION = (*TRANSFER-FILE, *MODIFY-FILE-ATTRIBUTES, *READ-DIRECTORY,*FILE-PROCESSING, *REMOTE-ADMINISTRATION)
The following file transfer functions are available:

*TRANSFER-FILE
The admission profile may be used for the file transfer functions “transfer files”, “view file attributes” and “delete files”.

*MODIFY-FILE-ATTRIBUTES
The admission profile may be used for the file transfer functions “view file attributes” and “modify file attributes”.

*READ-DIRECTORY
The admission profile may be used for the file transfer functions “view directories” and “view file attributes”.

*FILE-PROCESSING
The admission profile may be used for the “preprocessing” and “postprocessing” file transfer function. The “transfer files” function must also be permitted.

The *FILE-PROCESSING specification is of relevance only for FTAC profiles without a filename prefix. Otherwise the first character of the filename prefix determines whether only normal data transfer (no pipe symbol |) or only preprocessing and postprocessing (pipe symbol |) are to be possible with this FTAC profile.

*REMOTE-ADMINISTRATION
The admission profile is allowed to be used for the "remote administration" function. This allows a remote administrator to administer the openFT instance using this profile. *REMOTE-ADMINISTRATION may only be specified by the FT administrator or FTAC administrator.

USER-INFORMATION =
Here, you enter a text in the admission profile. This text is displayed with the command SHOW-FT-PROFILE.

USER-INFORMATION = *NONE No text is stored in the profile.

USER-INFORMATION = <c-string 1..100 with-low>
Here, you enter a character string containing user information.

DATA-ENCRYPTION =
Restricts the encryption option for user data.

DATA-ENCRYPTION = *NOT-RESTRICTED
The encryption option for user data is not restricted. Both encrypted and unencrypted file transfers are accepted.

DATA-ENCRYPTION = *NO
Only those file transfers which do not have encrypted user data are accepted, i.e. encrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the file transfer request DATA-ENCRYPTION=*NO.

DATA-ENCRYPTION = *YES
Only those file transfer requests that have encrypted user data are accepted, i.e. unencrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the transfer request DATA-ENCRYPTION=*YES.

FILE-ATTR-ENCRYPTION =

Restricts the encryption option for file(s) and/or directory list attributes.

FILE-ATTR-ENCRYPTION = *NOT-RESTRICTED
The encryption option for file(s) and/or directory list attributes is not restricted. Both encrypted and unencrypted file management requests are accepted.

FILE-ATTR-ENCRYPTION = *NO
Only those file management requests which do not have encrypted file(s) and/or directory list attributes are accepted, i.e. encrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the file management request FILE-ATTR-ENCRYPTION=*NO.

FILE-ATTR-ENCRYPTION = *YES
Only those file transfer requests that have encrypted file(s) and/or directory list attributes are accepted, i.e. unencrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the file management request FILE-ATTR-ENCRYPTION=*YES.

Examples

1. Jack John wishes to create an admission profile for the following purpose:

   Dylan Dack, employee at the Dack Goldmine, has his own BS2000 computer. He has to transfer monthly reports on a regular basis to his boss Jack‘s computer, JACKJOHN, using File Transfer. The file needs to have the name MONTHLYREPORT.GOLDMINE and is to be printed out after transfer.

   Since Jack’s admission set does not permit any “inbound” requests, he needs to give the profile privileged status (he/she is permitted to do this, since he is an FTAC administrator). The Goldmine computer has the security level 50. The command required to create such an admission profile is as follows:

   /CREATE-FT-PROFILE NAME=GOLDMORE,                                     - /                      TRANSFER-ADMISSION='monthlyreportfortheboss',    - /                      PRIVILEGED=*YES,                                 - /                      IGNORE-MAX-LEVELS=(INBOUND-RECEIVE=*YES,         - /                      INBOUND-PROCESSING=*YES),                        -

   /                      TRANSFER-DIRECTION=*FROM-PARTNER,                - /                      PARTNER=GOLDMINE,                                - /                      FILE-NAME=MONTHLYREPORT.GOLDMINE,                - /                      SUCCESS-PROCESSING=                              - /                      '/PRINT-FILE MONTHLYREPORT.GOLDMINE',            - /                      FAILURE-PROCESSING=*NONE,                        - /                      WRITE-MODE=*REPLACE-FILE

   The short form of this command is:

   /CRE-FT-PROF GOLDMORE,TRANS-AD='monthlyreportfortheboss',             - /PRIV=*YES,IGN-MAX-LEV=(I-R=*YES,I-P=*YES),TRANS-DIR=*FROM,           - /PART=GOLDMINE, FILE-NAME=MONTHLYREPORT.GOLDMINE,                     - /SUCC='/PRINT-FILE MONTHLYREPORT.GOLDMINE',FAIL=*NONE,                - /WRITE=*REPL

   File management can also be performed with this admission profile (see the specifications for the IGNORE-MAX-LEVELS operand).

   Dylan Dack, who keeps the monthly report for the goldmine in his BS2000 computer in the file NOTHINGBUTLIES, can use the following openFT command to send it to the central computer JACKJOHN and print it out there:

   / TRANSFER-FILE TO,JACKJOHN,(NOTHINGBUTLIES),

                   (FILE=*NOT-SPECIFIED,TRANS-AD='monthlyreportfortheboss')

2. A profile is to be created that only allows monitoring.

   CREATE-FT-PROFILE MONITOR,,'ONLYFTMONITOR'    -     ,FILE-NAME=*EXP('|*FTMONITOR ') -     ,FT-FUN=(*TRANS-F,*FILE-PROC)

   The openFT Monitor can be started from a Unix or Windows system using this profile with the following command:

   ftmonitor "-po=10" FTBS2 ONLYFTMONITOR

   Alternatively, the monitoring values can be output as rows to a file (in this case ftbs2_data), for instance with the following command:

   ncopy FTBS2 !"-po=10" ftbs2_data ONLYFTMONITOR

3. If you only want to use FTAC profiles for the ftexec command then you must specify a filename prefix that starts with the character string ’|ftexecsv’.

   If a command or command prefix is also to be defined, you must specify it in the following form:

   FILE-NAME=*EXP('|ftexecsv -p=command-prefix')

   If the command string or the command prefix set in the profile for calling ftexec contains spaces, it must be enclosed in double quotes ("). Any double quotes in the command string must be entered twice.

   If the entire command string is specified as a file name in the profile for ftexec, you can only specify a space (' ') as the command name when calling ftexec. The FTAC profile does not prevent a caller of ftexec from specifying further command parameters.

4. You want to create a profile which can be used to run precisely one file processing command. A number of logging records are output in the example below.

   /CR-FT-PRO NUR1VORV,,'GetLoggingRecords'              - ,FILE-NAME=*EXP('|ftexecsv -p="/SH-FT-LOG-REC ,"')    - ,FT-FUN=(*TRANS-F,*FILE-PROC)

   The following command, for example, can be used to access the profile from a remote system:

   • Unix system or Windows system:

     ftexec FTBS2 3 GetLoggingRecords

   • BS2000 system:

     /EXE-REM-CMD FTBS2,'3','GetLoggingRecords'

   • z/OS system:

     FTEXEC FTBS2,'3','GetLoggingRecords'

Command return codes