Note on usage
Function: Modify admission profile
User group: FTAC user and FTAC administrator
Prerequisite for using this command is the use of openFT-AC.
Functional description
The command MODIFY-FT-PROFILE can be used by any FTAC user to modify his/her admission profile. In a privileged admission profile, an FTAC user can only modify the operands TRANSFER-ADMISSION and PRIVILEGED.
When the FTAC administrator neither possesses TSOS privilege nor has specified the account number and password, the profile is prohibited after a modification and must be released by the user. Modification of the privilege is excluded from this: in this case the profile is not locked.
As soon as an admission profile is modified, the timestamp of the last modification is also updated. You can see the timestamp with SHOW-FT-PROFILE INF=*ALL (LAST-MODIF). The timestamp is updated even if you do not change the properties of the profile, i.e. if you enter MODIFY-FT-PROFILE with the parameter NAME without specifying other parameters.
Format
MODIFY-FT-PROFILE |
NAME = *ALL / *STD / <alphanum-name 1..8> ,PASSWORD = *NONE / <c-string 1..8 with-low> / <x-string 1..16> / *SECRET ,SELECT-PARAMETER = *OWN / *PARAMETERS(...) *PARAMETERS(...) TRANSFER-ADMISSION = *ALL / *NOT-SPECIFIED / <alphanum-name 8..32> / c-string 8..32 with-low> / <x-string 15..64> / *SECRET ,OWNER-IDENTIFICATION = *OWN / *ALL / <name 1..8> ,NEW-NAME = *OLD / *STD / <alphanum-name 1..8> ,TRANSFER-ADMISSION = *UNCH ANGED / *NOT-SPECIFIED / *OLD-ADMISSION(...) / <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...) / *SECRET *OLD-ADMISSION(...) VALID = *UNCH ANGED / *YES / *NO ,USAGE = *UNCH ANGED / *PRIVATE / *PUBLIC ,EXPIRATION-DATE = *UNCH ANGED / *NOT-RESTRICTED / <date 8..10> <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...) VALID = *YES / *NO / *UNCHANGED ,USAGE = *PRIVATE / *PUBLIC / *UNCHANGED ,EXPIRATION-DATE = *NOT-REST RICTED / <date 8..10> / *UNCHANGED ,PRIVILEGED = *UNCH ANGED / *NO / *YES ,IGNORE-MAX-LEVELS = *UNCH ANGED / *NO / *YES / *PARAMETERS(...) *PARAMETERS(...) OUTBOUND-SEND = *UNCH ANGED / *NO / *YES ,OUTBOUND-RECEIVE = *UNCH ANGED / *NO / *YES ,INBOUND-SEND = *UNCH ANGED / *NO / *YES ,INBOUND-RECEIVE = *UNCH ANGED / *NO / *YES ,INBOUND-PROCESSING = *UNCH ANGED / *NO / *YES ,INBOUND-MANAGEMENT = *UNCH ANGED / *NO / *YES ,USER-ADMISSION = *UNCH ANGED / *OWN / *PARAMETERS(...) *PARAMETERS(...) USER-IDENTIFICATION = *OWN / <name 1..8> ,ACCOUNT = *OWN / *FIRST / *NOT-SPECIFIED / *NONE / <alphanum-name 1..8> ,PASSWORD = *OWN / *NOT-SPECIFIED / <c-string 1..8> / <c-string 9..32> / <x-string 1..16> / *NONE / *SECRET ,INITIATOR = *UNCH ANGED / list-poss(2): *REMOTE / *LOCAL ,TRANSFER-DIRECTION = *UNCH ANGED / *NOT-RESTRICTED / *FROM-PARTNER / *TO-PARTNER ,PARTNER = *UNCH ANGED / *NOT-RESTRICTED / *ADD(...) / *REMOVE(...) / list-poss(50): <text 1..200 with-low> *ADD(...) NAME = list-poss(50): <text 1..200 with-low> *REMOVE(...) NAME = list-poss(50): <text 1..200 with-low> ,MAX-PARTNER-LEVEL = *UNCH ANGED / *NOT-RESTRICTED / <integer 0..100> ,FILE-NAME = *UNCH ANGED / *NOT-RESTRICTED / <filename1..54 > / <c-string 1..512 with-low> / *EXPANSION(...) / *LIBRARY-ELEMENT(...) / *POSIX(NAME=<posix-pathname 1..510>) *EXPANSION(...) PREFIX = <filename 1..53> / <partial-filename 2..53> / <c-string 1..511 with-low> *LIBRARY-ELEMENT(...) LIBRARY = *UNCH ANGED / *NOT-RESTRICTED / <filename 1..54> / *EXPANSION(...) *EXPANSION(...) PREFIX = <filename 1..53> / <partial-filename 2..53> ,ELEMENT = *UNCH ANGED / *NOT-RESTRICTED / <composed-name 1..64 with-under>(...) / *EXPANSION(...) <composed-name 1..64 with-under>(...) VERSION = *STD / <text 1..24> *EXPANSION(...) PREFIX = <composed-name 1..63 with-under> / <partial-filename 2..63> ,TYPE = *UNCH ANGED / *NOT-RESTRICTED / <name 1..8> ,FILE-PASSWORD = *UNCH ANGED / *NOT-RESTRICTED / *NONE / <c-string 1..4> / <x-string 1..8> / <integer -2147483648...2147483647> / *SECRET ,PROCESSING-ADMISSION = *UNCH ANGED / *SAME / *NOT-RESTRICTED / *PARAMETERS(...) *PARAMETERS(...) USER-IDENTIFICATION = *SAME / *NOT-RESTRICTED / <name 1..8> ,ACCOUNT = *SAME / *NOT-RESTRICTED / *NONE / <alphanum-name 1..8> ,PASSWORD = *SAME / *NOT-RESTRICTED / *NONE / <c-string 1..8> / <c-string 9..32> / <x-string 1..16> / *SECRET ,SUCCESS-PROCESSING = *UNCH ANGED / *NOT-RESTRICTED / *NONE / <c-string 1..1000 with-low> / *EXPANSION(...) *EXPANSION(...) PREFIX = *UNCH ANGED / *NOT-RESTRICTED / <c-string 1..999 with-low> ,SUFFIX = *UNCH ANGED / *NOT-RESTRICTED / <c-string 1..999 with-low> ,FAILURE-PROCESSING = *UNCH ANGED / *NOT-RESTRICTED / *NONE / <c-string 1..1000 with-low> / *EXPANSION(...) *EXPANSION(...) PREFIX = *UNCH ANGED / *NOT-RESTRICTED / <c-string 1..999 with-low> ,SUFFIX = *UNCH ANGED / *NOT-RESTRICTED / <c-string 1..999 with-low> ,WRITE-MODE = *UNCH ANGED / *NOT-RESTRICTED / *NEW-FILE / *REPLACE-FILE / *EXTEND-FILE ,FT-FUNCTION = *UNCH ANGED / *NOT-RESTRICTED / list-poss(5): *TRANSFER-FILE / *MODIFY-FILE-ATTRIBUTES / *READ-DIRECTORY / *FILE-PROCESSING / *REMOTE-ADMINISTRATION ,USER-INFORMATION = *UNCH ANGED / *NONE / <c-string 1..100 with-low> ,DATA-ENCRYPTION = *UNCH ANGED / *NOT-RESTRICTED / *NO / *YES ,FILE-ATTR-ENCRYPTION = *UNCH ANGED / *NOT-REST RICTED / *NO / *YES |
Operands
NAME =
Determines the name of the admission profile to be modified.
NAME = *ALL
Modifies all your admission profiles at the same time provided no further selection criteria are specified using the SELECT parameter and neither the name nor the transfer admission is to be modified.
NAME = *STD
Changes the standard admission profile for your user ID or, as FTAC administrator, the standard admission profile of the selected user ID.
NAME = <alphanum-name 1..8>
Modifies the admission profile with this name.
PASSWORD =
FTAC password which authorizes you to use FTAC commands on your user ID, if such a password has been defined in your admission set.
PASSWORD = *NONE
No FTAC password is required.
PASSWORD = <c-string 1..8 with-low> / <x-string 1..16>
This FTAC password is required.
PASSWORD = *SECRET
The system prompts you to enter the password. However, it does not appear on the screen.
SELECT-PARAMETER =
Specifies a transfer admission. You will then modify the admission profile which has this transfer admission.
SELECT-PARAMETER = *OWN
Modifies your own admission profile.
SELECT-PARAMETER = *PARAMETERS(...)
Specifies the selection criteria for the profiles which you wish to modify.
TRANSFER-ADMISSION =
Entering the TRANSFER-ADMISSION here makes it a selection criterion for the admission profiles which you wish to modify.
TRANSFER-ADMISSION = *ALL
All your admission profiles are to be modified, irrespective of the transfer admission.
TRANSFER-ADMISSION = *NOT-SPECIFIED
Only admission profiles without a defined transfer admission are to be modified. In the case of a standard admission profile, the transfer admission is never assigned, because this is addressed using the user ID and the user password.
TRANSFER-ADMISSION = <alphanum-name 8..32> / <c-string 8..32 with-low> / <x-string 15..64>
The admission profile with this transfer admission is to be modified.
TRANSFER-ADMISSION = *SECRET
The system prompts you to enter the transfer admission. However, it does not appear on the screen.
OWNER-IDENTIFICATION =
You can use the owner of an admission profile as a selection criterion for access to a profile to be modified.
OWNER-IDENTIFICATION = *OWN Modifies your own admission profile.
OWNER-IDENTIFICATION = *ALL
The FTAC administrator can access the profiles of all users. The FTAC user is not permitted to make this entry.
OWNER-IDENTIFICATION = <name 1..8>
The FTAC user can enter only his/her own user ID here, the FTAC administrator can enter any user ID.
NEW-NAME =
NEW-NAME is used to assign a new name to the admission profile.
NEW-NAME may only be specified together with unambiguous selection criteria (NAME or TRANSFER-ADMISSION).
NEW-NAME = *OLD
The name of the admission profile remains unchanged.
NEW-NAME = *STD
Makes the admission profile the standard admission profile for the user ID. If the admission profile previously had a transfer admission, you must also specify TRANSFER-ADMISSION=*NOT-SPECIFIED.
NEW-NAME = <alphanum-name 1..8>
New name of the admission profile. This name must be unique among all the admission profiles on your user ID. If an admission profile with this name already exists, FTAC rejects the command with the following message:
FTC0100 FT profile already exists
The command SHOW-FT-PROFILE can be used to obtain information on the already existing name. For this information, it suffices to enter SHOW-FT-PROFILE without parameters.
TRANSFER-ADMISSION =
Modifies the transfer admission which is associated with the admission profile selected. You must ensure that the transfer admission is unique within your openFT system. If the transfer admission which you have selected already exists, FTAC rejects the command with the following message:
FTC0101 Transfer admission already exists
The FTAC administrator can also allocate a transfer admission here if he/she modifies the admissions profile of any user ID. If he/she has no TSOS privilege, the FTAC administrator must also specify the complete USER-ADMISSION for the affected user ID (USER-IDENTIFICATION, ACCOUNT and PASSWORD).
TRANSFER-ADMISSION may only be specified together with unambiguous selection criteria (NAME or SELECT-PARAMETERS=*PAR(TRANSFER-ADMISSION)).
TRANSFER-ADMISSION = *UNCHANGED
The transfer admission remains unchanged.
TRANSFER-ADMISSION = *NOT-SPECIFIED
No transfer admission is set and any existing transfer admissions are made invalid. This locks the profile, provided that it is not a profile that you are converting to a standard admission profile. In this case, you must specify *NOT-SPECIFIED.
TRANSFER-ADMISSION = *OLD-ADMISSION(...)
The transfer admission itself remains unchanged. The options, however, can be changed, as opposed to with the entry TRANSFER-ADMISSION=*UNCHANGED. The specifications are ignored if you are changing a standard admission profile.
VALID = *UNCHANGED
The value remains unchanged.
VALID = *YES
The transfer admission is valid.
VALID = *NO
The transfer admission is not valid. The profile can be locked with this entry.
USAGE = *UNCHANGED
The value remains unchanged.
USAGE = *PRIVATE
Access to your profile is denied for security reasons whenever another user ID attempts to set for a second time the TRANSFER-ADMISSION which has already been used by you.
USAGE = *PUBLIC
Access to your profile is not denied if another user happens to “discover” your TRANSFER-ADMISSION. “Discovery” means that another user ID attempted to specify the same TRANSFER ADMISSION twice. This is rejected for uniqueness reasons.
EXPIRATION-DATE = *UNCHANGED The value remains unchanged.
EXPIRATION-DATE = *NOT-RESTRICTED
The use of this transfer admission is not restricted with respect to time.
EXPIRATION-DATE = <date 8..10>
Date in the form yyyy-mm-dd or yy-mm-dd, e.g. 2017-12-31 or 17-12-31 for 31 December, 2017.The use of the transfer admission is only possible until the given date.
TRANSFER-ADMISSION = <alphanum-name 8..32>(...) / <c-string 8..32 with-low>(...) / <x-string 15..64>(...)
The character string must be entered as transfer admission in the transfer request. The alphanumeric input is always stored in lowercase letters.
VALID = *YES
The transfer admission is valid.
VALID = *NO
The transfer admission is not valid. The profile can be locked with this entry.
VALID = *UNCHANGED
The value remains unchanged.
USAGE = *PRIVATE
Access to your profile is denied for security reasons whenever another user ID attempts to set for a second time the TRANSFER-ADMISSION which has already been used by you.
USAGE = *PUBLIC
Access to your profile is not denied if another user happens to “discover” your TRANSFER-ADMISSION. “Discovery” means that another user ID attempted to specify the same TRANSFER ADMISSION twice. This is rejected for uniqueness reasons.
USAGE = *UNCHANGED
The value remains unchanged.
EXPIRATION-DATE = *NOT-RESTRICTED
The use of this transfer admission is not restricted with respect to time.
EXPIRATION-DATE = <date 8..10>
Date in the form yyyy-mm-dd or yy-mm-dd, e.g. 2017-12-31 or 17-12-31 for 31 December, 2017..The use of the transfer admission is only possible until the given date.
EXPIRATION-DATE = *UNCHANGEDThe value remains unchanged.
TRANSFER-ADMISSION = *SECRET
The system prompts you to input the transfer admission. However, this does not appear on the screen. The operands VALID, USAGE and EXPIRATION-DATE can also be secretly entered in this case.
PRIVILEGED =
The FTAC administrator can privilege the admission profile of any FTAC user. FT requests which are processed with a privileged admission profile are not subject to the restrictions for MAX-ADM-LEVEL in the admission set.
The FTAC user can only reverse any privileged status given.
PRIVILEGED = *UNCHANGED
The status of this admission profile remains unchanged.
PRIVILEGED = *NO
With *NO, you can reverse the privileged status.
PRIVILEGED = *YES
With *YES, the FTAC administrator gives one or more admission profiles privileged status.
IGNORE-MAX-LEVELS =
Determines for which of the six basic functions the restrictions of the admission set should be ignored. The user’s MAX-USER-LEVELS can be exceeded in this way. The MAX-ADM-LEVELS in the admission set can only be effectively exceeded with an admission profile which has been designated as privileged by the FTAC administrator. The FTAC user can set up an admission profile for himself/herself for special tasks (e.g. sending a certain file to a partner system with which he/she normally is not allowed to conduct a file transfer), which allows him/her to exceed the admission set. This profile must be explicitly given privileged status by the FTAC administrator.
If you enter IGNORE-MAX-LEVELS=*YES, the settings for all the basic functions are ignored. If you wish to ignore the admission set for specific basic functions, you need to do this with the operands explained later in the text.
The following table shows which partial components of the file management can be used under which conditions:
Inbound file management function | Setting in admission set/extension in profile |
Show file attributes | Inbound sending (IBS) permitted |
Modify file attributes | Inbound receiving (IBR) and |
Rename files | Inbound receiving (IBR) and |
Delete files | Inbound receiving (IBR) permitted and |
Show directories | Inbound file management (IBF) permitted and |
Create, rename, delete directories | Inbound file management (IBF) permitted and |
IGNORE-MAX-LEVELS = *UNCHANGED
You can access the same security levels as before the modification (unless you have reversed the privileged status with PRIVILEGED=*NO).
IGNORE-MAX-LEVELS = *NO
FT requests which are processed with the admission profile are subject to the restrictions of the admission set.
IGNORE-MAX-LEVELS = *YES
*YES allows you to communicate with partner systems whose security level exceeds the specifications of the admission set. If your profile does not have privileged status, you can only disregard the MAX-USER-LEVELS in the admission set, not the MAX-ADM-LEVELS.
The current MAX-USER-LEVELS and MAX-ADM-LEVELS settings can be accessed using the command SHOW-FT-ADMISSION-SET (see example in section “Output of SHOW-FT-ADMISSION-SET”).
IGNORE-MAX-LEVELS = *PARAMETERS(...)
OUTBOUND-SEND = *UNCHANGED
The maximum security level which can be reached with the basic function “outbound send” remains unchanged.
OUTBOUND-SEND = *NO
The maximum security level which can be reached with the basic function “outbound send” is determined by the admission set.
OUTBOUND-SEND = *YES
For the basic function “outbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.
OUTBOUND-RECEIVE = *UNCHANGED
The maximum security level which can be reached with the basic function “outbound receive” remains unchanged.
OUTBOUND-RECEIVE = *NO
The maximum security level which can be reached with the basic function “outbound receive” is determined by the admission set.
OUTBOUND-RECEIVE = *YES
For the basic function “outbound receive”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.
INBOUND-SEND = *UNCHANGED
The maximum security level which can be reached with the basic function “inbound send” remains unchanged.
INBOUND-SEND = *NO
The maximum security level which can be reached with the basic function “inbound send” is determined by the admission set.
INBOUND-SEND = *YES
For the basic function “inbound send”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The same applies to the partial component “display file attributes” of the basic function “inbound file management”.
INBOUND-RECEIVE = *UNCHANGED
The maximum security level which can be reached with the basic function “inbound receive” remains unchanged.
INBOUND-RECEIVE = *NO
The maximum security level which can be reached with the basic function “inbound receive” is determined by the admission set.
INBOUND-RECEIVE = *YES
Disregards your settings for “inbound receive” in the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The same applies to the following partial components of the basic function “inbound file management”:
delete files, as long as the file attributes are set accordingly,
modify file attributes, if the basic function “inbound file management” was admitted in the admission set or in the admission profile.
INBOUND-PROCESSING = *UNCHANGED
The maximum security level which can be reached with the basic function “inbound processing” remains unchanged.
INBOUND-PROCESSING = *NO
The maximum security level which can be reached with the basic function “inbound processing” is determined by the admission set.
INBOUND-PROCESSING = *YES
For the basic function “inbound processing”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS.
INBOUND-MANAGEMENT = *UNCHANGED
The maximum security level which can be reached with the basic function “inbound file management” remains unchanged.
INBOUND-MANAGEMENT = *NO
The maximum security level which can be reached with the basic function “inbound file management” is determined by the admission set.
INBOUND-MANAGEMENT = *YES
For the basic function “inbound file management”, you can use this admission profile to disregard the MAX-USER-LEVELS. If your profile is privileged, you are also not held to the restrictions of the MAX-ADM-LEVELS. The partial component “modify file attributes” of the basic function “inbound file management” only functions if the basic function “inbound receive” was admitted in the admission set or admission profile.
USER-ADMISSION =
User ID under which the modified admission profile is saved. FT requests which use this profile access the entered user ID in the local system.
As an FTAC user you can only specify your own user ID here.
If the FTAC administrator has created an admission profile for a user without specifying the access data (see the CREATE-FT-PROFILE command), the user must, if necessary, enter the account and password in the operands ACCOUNT and PASSWORD described below before the profile can be used.
USER-ADMISSION = *UNCHANGED
The USER-ADMISSION of this admission profile remains unchanged.
USER-ADMISSION = *OWN
For USER-IDENTIFICATION and ACCOUNT, the specifications are taken from the current LOGON authorization. A BS2000 password is only taken from your LOGON authorization when an FT request accesses the admission profile.
USER-ADMISSION = *PARAMETERS(...)
Specifies the individual components of the user ID.
This allows you, for example, to ensure that FT requests which use this admission profile are kept under a different account number from the currently valid account number. Another application is to specify a password in the admission profile. FT requests which use this admission profile will then only function if the current LOGON password corresponds to this preset password.
USER-IDENTIFICATION =
Your user ID in BS2000.
USER-IDENTIFICATION = *OWN
The user ID is taken from your LOGON authorization.
USER-IDENTIFICATION = <name 1..8>
User ID with which the profile is to be associated. As FTAC administrator you may also specify foreign user IDs.
ACCOUNT =
Account number under which an FT request is to be kept when it uses this admission profile.
ACCOUNT = *OWN
The account number is taken from the current LOGON authorization.
ACCOUNT = *FIRST
The first account number assigned to the home pubset of the specified USER-IDENTIFICATION at the time the profile is used in the system is used for account assignment in the case of transfer requests. If the ID’s account number changes, the profile has not to be modified.
ACCOUNT = *NOT-SPECIFIED
No account number is defined.
The account number is to be specified by the owner of the admission profile. This function permits the FTAC administrator to set up profiles for user IDs whose account numbers he/she does not know.
ACCOUNT = *NONE
The account number is used which is defined as the default account number of the user ID specified at the time the admission profile is used.
ACCOUNT = <alphanum-name 1..8>
An FT request should be kept under the account number specified when it accesses this admission profile. You can enter any account number which is associated with your user ID.
PASSWORD =
Password which an FT request is to use when it works with this admission profile.
PASSWORD = *OWN
When an FT request refers to this admission profile, FTAC uses the password valid for the specified USER-IDENTIFICATION at that moment. This prevents you from having to modify the admission profile if the BS2000 password is changed.
PASSWORD = *NOT-SPECIFIED
The password is specified by the owner of the admission profile. This function permits the FTAC administrator to set up profiles for foreign user IDs whose access data he/she does not know.
PASSWORD = <c-string 1..8> / <c-string 9..32> / <x-string 1..16>
When an FT request accesses the admission profile, the specified password is compared with the current LOGON password. If the two do not correspond, the FT request is rejected.
PASSWORD = *NONE
No password is required for the user ID.
PASSWORD = *SECRET
The system prompts you to enter the password. However, this does not appear on the screen.
INITIATOR =
Determines if initiators from local and/or remote systems are permitted to use this admission profile for their FT requests.
INITIATOR = *UNCHANGED
The settings in this admission profile remain unchanged,
INITIATOR = *REMOTE
This admission profile may only be used for FT requests by initiators from remote systems.
INITIATOR = *LOCAL
This admission profile may only be used for FT requests by initiators from the local system.
INITIATOR = (*LOCAL,*REMOTE)
This admission profile may be used by initiators from local and remote systems.
TRANSFER-DIRECTION =
Determines which transfer direction may be used with this admission profile.
TRANSFER-DIRECTION = *UNCHANGED
The specification in the admission profile remains unchanged.
TRANSFER-DIRECTION = *NOT-RESTRICTED
Files can be transferred to and from a partner system.
TRANSFER-DIRECTION = *FROM-PARTNER
Files can only be transferred from a partner system to your system. It is not possible to display file attributes/directories (partial components of “inbound file management”).
TRANSFER-DIRECTION = *TO-PARTNER
Files can only be transferred from your system to a partner system. It is not possible to modify file attributes or delete files (partial components of “inbound file management”).
PARTNER =
Specifies that this admission profile is to be used only for FT requests which are processed by a a certain partner system.
PARTNER = *UNCHANGED
Any partner in the admission profile remains unchanged.
PARTNER = *NOT-RESTRICTED
This admission profile’s scope of use is not limited to FT requests with certain partner systems.
PARTNER = *ADD(NAME = list-poss(50): <text 1..200 with-low>)
With this specification, you can add elements to an existing list of partner systems. A maximum of 50 partner systems can be specified.
PARTNER = *REMOVE(NAME = list-poss(50): <text 1..200 with-low>)
Removes elements from an existing list of partner systems. A maximum of 50 partner systems can be specified.
PARTNER = list-poss(50): <text 1..200 with-low>
The admission profile only permits those FT requests which are processed with the specified partner systems. A maximum of 50 partner systems can be specified.
For PARTNER you can specify the name from the partner list or the address of the partner system, see also section “Specifying partner addresses”. You are advised to use the name from the partner list.
MAX-PARTNER-LEVEL =
A maximum security level can be specified. The admission profile will then only permit those FT requests which are processed with partner systems which have this security level or lower.
MAX-PARTNER-LEVEL works in conjunction with the admission set. When non-privileged admission profiles are used, the access check is executed on the basis of the smallest specified value.
MAX-PARTNER-LEVEL = *UNCHANGED
The specification for MAX-PARTNER-LEVEL in this admission set remains unchanged.
MAX-PARTNER-LEVEL = *NOT-RESTRICTED
If FT requests are processed with this admission profile, then the highest accessible security level is determined by the admission set.
MAX-PARTNER-LEVEL = <integer 0..100>
All partner systems which have this security level or lower can be communicated with.
FILE-NAME =
Determines which files or library members under your user ID may be accessed by FT requests that use this admission profile.
FILE-NAME = *UNCHANGED
The specifications for FILE-NAME in this admission profile remain unchanged.
FILE-NAME = *NOT-RESTRICTED
The admission profile permits unrestricted access to all files and library members of the user ID.
FILE-NAME = <filename 1..54> / <c-string 1..512 with-low> /
*POSIX(NAME = <posix-pathname 1..510>)
Only the specified file may be accessed. However, openFT is also able to generate unique filenames automatically, thus providing an easy way of avoiding conflicts. This is done by specifying the string %UNIQUE at the end of the filename which is predefined here. When follow-up processing is specified, this file can be referenced with %FILENAME.
You can also directly specify file transfer with pre- and postprocessing here by entering the pipe symbol ’|’ followed by a command.
FILE-NAME =*EXPANSION(PREFIX = <filename 1..53> /
<partial-filename 2..53> / <c-string 1..511 with-low>)
Restricts access to a number of files which all begin with the same prefix. If a filename is entered in an FT request which uses this admission profile, FTAC sets the prefix defined with EXPANSION in front of this filename. The FT request is then permitted to access the file PrefixFilename.
Example
If PREFIX=STEVEN. is specified, a FT request in which the FILE-NAME=MILLER is specified accesses the file STEVEN.MILLER.
Please note that the part of a DVS filename which is specified in the file transfer command still has to be of the type <filename>.
If you want to perform file transfer with pre- or postprocessing, you should indicate this by entering the pipe symbol ‘|’ at the start of the prefix. The created FTAC profile can then be used only for file transfer with pre- or postprocessing since the file name that is generated also starts with a ‘|’. The variable %TEMPFILE can also be used in the filename prefix. You can find detailed information on preprocessing and postprocessing in section “Preprocessing and postprocessing”.
The maximum length of the entire pre- or postprocessing command is limited to the maximum length of the file name. If several commands are specified, then they must be separated by a semicolon (‘;’).
There must not be a space between the semicolon and the slash.
Example
FILE-NAME = C‘|/Command1;/Command2;/Command3; ...‘
If you specify a name prefix that starts with a pipe character with *EXP(PREFIX=...), the preprocessing or postprocessing command of the FT request must not contain any semicolons. If the preprocessing or postprocessing command nevertheless contains semicolons, it must be enclosed in '...' (single quotes) or "..." (double quotes).
Special cases
In the case of admission profiles which are to be used exclusively for the ftexec command you must specify a filename or filename prefix that starts with the character string ‘|ftexecsv’ (see CREATE-FT-PROFILE).
Specify the file name prefix '|*ftmonitor' for admission profiles that are exclusively used for monitoring. A profile of this sort can then be used in the openFT Monitor or in an ft or ncopy command from a Windows or Unix system (see CREATE-FT-PROFILE, examples).
FILE-NAME = *LIBRARY-ELEMENT(...)
Determines which of your libraries and library members may be accessed by FT requests which use this admission profile.
LIBRARY =
Defines which libraries may be accessed with this admission profile.
LIBRARY = *UNCHANGED
The library specifications in the admission profile remain unchanged.
LIBRARY = *NOT-RESTRICTED
The admission profile does not restrict access to libraries.
LIBRARY = <filename 1..54>
Only this library may be accessed.
LIBRARY = *EXPANSION(PREFIX = <composed-name 1..63 with-under> /<partial-filename 2..63>)
Only those libraries may be accessed which begin with the specified prefix. FTAC sets the prefix in front of a library name in an FT request which uses this admission profile, and then permits access to the library PrefixLibraryname.
ELEMENT =
Determines which library members may be accessed with this admission profile.
ELEMENT = *UNCHANGED
The library member specifications in the admission profile remain unchanged.
ELEMENT = *NOT-RESTRICTED
Permits unrestricted access to library members.
ELEMENT = <composed-name 1..64 with-under>(...)
Only permits access to the specified library member.
VERSION =
Access is only permitted for a specific version of the library member.
VERSION = *STD
Permits access only to the highest version of the library member.
VERSION = <text 1..24>
Access is only permitted for this version of the library member.
ELEMENT = *EXPANSION(PREFIX = <composed-name 1..63 with-under> / <partial-filename 2..63>)
Defines a prefix. When a name for a library member is specified in an FT request which uses this admission profile, FTAC adds the specified prefix to this member name. The admission profile then permits access to this member with the name PrefixElementname.
TYPE =
Specifies a certain type of library member. The admission profile then only permits access to library members of this type.
TYPE = *UNCHANGED
Any access restrictions to individual member types remain unchanged.
TYPE = *NOT-RESTRICTED
Access is not restricted to a certain type of library member.
TYPE = <name 1..8>
FT requests which use this admission profile may only access library members of this type.
FILE-PASSWORD =
You can enter a password for files into the admission profile. The FTAC functionality then only permits access to files which are protected with this password and to unprotected files. When a FILE-PASSWORD is specified in an admission profile, the password may no longer be specified in an FT request which uses this admission profile. This allows you to permit access to certain files to users in remote systems, without having to disclose the file passwords.
FILE-PASSWORD = *UNCHANGED
The specifications for FILE-PASSWORD in this admission profile remain unchanged.
FILE-PASSWORD = *NOT-RESTRICTED
Permits access to all files. If a password is set for a file, then it must be specified in the transfer request.
FILE-PASSWORD = *NONE
Only permits access to files without file passwords.
FILE-PASSWORD = <c-string 1..4> / <x-string 1..8> /
<integer -2147483648..2147483647>
Only permits access to files which are protected with the password specified and to unprotected files. The password which has already been specified in the profile may not be repeated in the transfer request. PASSWORD=*NONE would be entered in this case!
FILE-PASSWORD = *SECRET
The system prompts you to enter the password. However, this does not appear on the screen.
PROCESSING-ADMISSION =
You can enter a user ID in your BS2000 system. Any follow-up processing of an FT request will be executed under this user ID. With PROCESSING-ADMISSION in the admission profile, you do not need to disclose your LOGON authorization to partner systems for followup processing.
PROCESSING-ADMISSION = *UNCHANGED
The PROCESSING-ADMISSION in this admission profile remains unchanged.
PROCESSING-ADMISSION = *SAME
For the PROCESSING-ADMISSION, the values of the USER-ADMISSION are used. If *SAME is entered here, then any FT request which uses this profile must also contain PROCESSING-ADMISSION=*SAME or PROCESSING-ADMISSION= *NOT-SPECIFIED.The entry *SAME is only possible here if the follow-up processing is not started with the command /ENTER.
PROCESSING-ADMISSION = *NOT-RESTRICTED
FT requests which use this admission profile may contain any PROCESSING-ADMISSION.For follow-up processing with FTAM partners, PROCESSING-ADMISSSION must have a value not equal to *NOT-RESTRICTED.
PROCESSING-ADMISSION = *PARAMETERS(...)
You can also enter the individual components of the user ID. This allows follow-up processing using this admission profile and started from FT requests to be charged under a different account number, for example. Or, a password can be set in the admission profile. Follow-up processing for FT requests which use this admission profile will then only function if their current LOGON password corresponds to the pre-set password.
USER-IDENTIFICATION =
User ID under which the follow-up processing is to be executed.
USER-IDENTIFICATION = *SAME
The USER-IDENTIFICATION is taken from the USER-ADMISSION.
USER-IDENTIFICATION = *NOT-RESTRICTED
The admission profile does not restrict the user ID under which the follow-up processing is to be executed.
USER-IDENTIFICATION = <name 1..8>
FT requests which are processed with this admission profile are only permitted followup processing under this user ID. If another user ID is entered here, the parameter PASSWORD must also be entered. PASSWORD=*SAME is then not valid.
ACCOUNT =
Specifies the account number for the follow-up processing.
ACCOUNT = *SAME
The account number is taken from the USER-ADMISSION.
ACCOUNT = *NOT-RESTRICTED
The account number may be specified in FT requests that work with the admission profile. The admission profile does not restrict the account for follow-up processing.
ACCOUNT = *NONE
The account number is used which is defined as the default account number of the user ID specified at the time the admission profile is used.
ACCOUNT = <alphanum-name 1..8>
Follow-up processing is to be settled under this account number.
PASSWORD =
Specifies, where applicable, the BS2000 password for the user ID under which the follow-up processing is to be executed. Here, you can enter a PASSWORD when the user ID in question doesn’t have such a password (yet).
PASSWORD = *SAME
The value *SAME is only valid if the PROCESSING-ADMISSION refers to your own user ID. If PASSWORD=*OWN is entered on USER-ADMISSION, then the BS2000 password valid at the time of the request is used for the PROCESSING-ADMISSION.
The entry *SAME is only possible here if the follow-up processing is not started with the command /ENTER.
PASSWORD = *NOT-RESTRICTED
The password may be specified for FT requests which work with the admission profile. The admission profile does not restrict the password for follow-up processing.
PASSWORD = *NONE
FT requests which use this admission profile can only initiate follow-up processing on user IDs without a password.
PASSWORD = <c-string 1..8> / <c-string 9..32> / <x-string 1..16>
FT requests which use the admission profile may only initiate follow-up processing on user IDs which are protected with this password.
PASSWORD = *SECRET
The system prompts you to enter the password. The entry does not appear on the screen.
SUCCESS-PROCESSING =
Restricts the follow-up processing which an FT request is permitted to initiate in your system after a successful data transfer.
SUCCESS-PROCESSING = *UNCHANGED
The specifications for SUCCESS-PROCESSING in this admission profile remain unchanged.
SUCCESS-PROCESSING = *NOT-RESTRICTED
In FT requests which use this admission profile the operand SUCCESS-PROCESSING may be used without restriction.
SUCCESS-PROCESSING = *NONE
The admission profile does not permit follow-up processing after successful data transfer.
SUCCESS-PROCESSING = <c-string 1..1000 with-low>
BS2000 commands which are executed in the local system after successful data transfer.Individual commands must be preceded by a slash (/).
The individual commands must be separated by a semicolon (;). If a character string is enclosed by single or double quotes (’ or ”) within a command sequence, openFT does not interpret any semicolons within this character string as a separator.
SUCCESS-PROCESSING = *EXPANSION(...)
If a SUCCESS-PROCESSING was specified in an FT request which uses this admission profile, FTAC adds the prefix or suffix specified here to this command. As follow-up processing, the command which has been thus expanded is then executed.
If a suffix or prefix is defined at this point, then no command sequence for the follow-up processing may be specified in FT requests which use this admission profile. This makes the setting of prefixes and suffixes mandatory.
PREFIX = *UNCHANGED
The specifications for the follow-up processing prefix in this admission profile remain unchanged.
PREFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a prefix.
PREFIX = <c-string 1..999 with-low>
The specified prefix is set in front of a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the prefix is executed as follow-up processing.
SUFFIX = *UNCHANGED
The specifications for the follow-up processing suffix in this admission profile remain unchanged.
SUFFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a suffix.
SUFFIX = <c-string 1..999 with-low>
The specified prefix is set after a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the suffix is executed as follow-up processing.
Example
If PREFIX='/PRINT-FILE ' is defined and SUCC='filename' specified in the FT request, then FT executes the command “/PRINT-FILE filename” as follow-up processing.
If SUFFIX=' filename' is defined and SUCC='/PRINT-FILE' specified in the FT request, then FT executes the command “/PRINT-FILE filename” as follow-up processing.
FAILURE-PROCESSING =
Restricts the follow-up processing which an FT request is permitted to initiate in your system after a failed data transfer.
FAILURE-PROCESSING = *UNCHANGED
The specifications for FAILURE-PROCESSING in this admission profile remain unchanged.
FAILURE-PROCESSING = *NOT-RESTRICTED
In FT requests which use this admission profile the operand FAILURE-PROCESSING may be used without restriction.
FAILURE-PROCESSING = *NONE
The admission profile does not permit follow-up processing after failed data transfer.
FAILURE-PROCESSING = <c-string 1..1000 with-low>
BS2000 commands which are executed in the local system after failed data transfer. Individual commands must be preceded by a slash (/). The individual commands must be separated by a semicolon (;). If a character string is enclosed by single or double quotes (’ or ”) within a command sequence, openFT does not interpret any semicolons within this character string as a separator.
FAILURE-PROCESSING = *EXPANSION(...)
If a FAILURE-PROCESSING was specified in an FT request which uses this admission profile, FTAC adds the prefix or suffix specified here to this command. As follow-up processing, the command which has been thus expanded is then executed.
If a suffix or prefix is defined at this point, then no command sequence for the follow-up processing may be specified in FT requests which use this admission profile. This makes the setting of prefixes and suffixes mandatory.
PREFIX = *UNCHANGED
The specifications for the follow-up processing prefix in this admission profile remain unchanged.
PREFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a prefix.
PREFIX = <c-string 1..999 with-low>
The specified prefix is set in front of a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the prefix is executed as follow-up processing.
SUFFIX = *UNCHANGED
The specifications for the follow-up processing suffix in this admission profile remain unchanged.
SUFFIX = *NOT-RESTRICTED
Follow-up processing is not restricted by a suffix.
SUFFIX = <c-string 1..999 with-low>
The specified prefix is set after a command which is specified in an FT request as follow-up processing. Then, the command which has been expanded with the suffix is executed as follow-up processing.
WRITE-MODE =
Determines the WRITE-MODE which is valid for this FT request. WRITE MODE is only effective if the receive file is in the same system as the admission profile definition.
WRITE-MODE = *UNCHANGED
The specifications for WRITE-MODE in this admission profile remain unchanged.
WRITE-MODE = *NOT-RESTRICTED
In an FT request which accesses this admission profile, WRITE-MODE may be used without restrictions.
WRITE-MODE = *NEW-FILE
In the FT request, *NEW-FILE, *REPLACE-FILE or *EXTEND-FILE may be entered for WRITE-MODE. If the receive file already exists, the transfer will be rejected.
WRITE-MODE = *REPLACE-FILE
In the FT request of openFT or FTAM partners, only *REPLACE-FILE or *EXTEND-FILE may be entered for WRITE-MODE. With ftp partners, *NEW-FILE may also be entered if the file does not yet exist.
WRITE-MODE = *EXTEND-FILE
In the FT request, only *EXTEND-FILE may be entered for WRITE-MODE.
FT-FUNCTION =
This operand permits the restriction of the profile validity to certain FT functions (=file transfer and file management functions).
FT-FUNCTION = *UNCHANGED
The previous scope of the FT functions remains unchanged.
FT-FUNCTION = *NOT-RESTRICTED
The full scope of FT functions is available with the exception of the “remote administration” function (*REMOTE-ADMINISTRATION). This must be activated explicitly.
FT-FUNCTION = (*TRANSFER-FILE, *MODIFY-FILE-ATTRIBUTES, *READ-DIRECTORY, *FILE-PROCESSING, *REMOTE-ADMINISTRATION)
The following file transfer functions are available:
*TRANSFER-FILE
The admission profile may be used for the file transfer functions “transfer files”, “view file attributes” and “delete files”.
*MODIFY-FILE-ATTRIBUTES
The admission profile may be used for the file transfer functions “view file attributes” and “modify file attributes”.
*READ-DIRECTORY
The admission profile may be used for the file transfer functions “view directories” and “view file attributes”.
*FILE-PROCESSING
The admission profile may be used for the “preprocessing” and “postprocessing” file transfer functions. The “transfer files” function must also be permitted.
The *FILE-PROCESSING specification is of relevance only for FTAC profiles without a filename prefix. Otherwise the first character of the filename prefix determines whether only normal data transfer (no pipe symbol “|”) or only pre- and postprocessing (pipe symbol “|”) are to be possible with this FTAC profile.
*REMOTE-ADMINISTRATION
The admission profile is allowed to be used for the "remote administration" function. This allows a remote administrator to administer the openFT instance using this profile. *REMOTE-ADMINISTRATION may only be specified by the FT administrator or FTAC administrator.
USER-INFORMATION =
Specifies a text in the admission profile. This text can be displayed with the SHOW-FT-PROFILE command.
USER-INFORMATION = *UNCHANGED
Any existing text remains unchanged.
USER-INFORMATION = *NONE
Any existing text is deleted.
USER-INFORMATION = <c-string 1..100 with-low>
The character string entered is accepted as user information.
DATA-ENCRYPTION =
Specifies whether user data with this profile must be transferred in encrypted form.
DATA-ENCRYPTION = *UNCHANGED
The encryption option should remain unchanged.
DATA-ENCRYPTION = *NOT-RESTRICTED
The encryption option for user data is not restricted. File transfer requests with encryption and file transfer requests without encryption are both accepted.
DATA-ENCRYPTION = *NO
Only file transfer requests that do not have encrypted user data are accepted, i.e. requests with encryption are rejected. If the request is made in a BS2000 or z/OS, DATA-ENCRYPTION=*NO must be specified there in the NCOPY request.
DATA-ENCRYPTION = *YES
Only file transfer requests that have encrypted user data are accepted, i.e. requests without encryption are rejected. If the request is made in a BS2000 or z/OS, for example, then DATA-ENCRYPTION=*YES must be specified there in the file transfer request.
FILE-ATTR-ENCRYPTION =
Specifies whether file(s) and/or directory list attributes with this profile must be transferred in encrypted form.
FILE-ATTR-ENCRYPTION = *UNCHANGED
The encryption option should remain unchanged.
FILE-ATTR-ENCRYPTION = *NOT-RESTRICTED
The encryption option for file(s) and/or directory list attributes is not restricted. Both encrypted and unencrypted file management requests are accepted.
FILE-ATTR-ENCRYPTION = *NO
Only those file management requests which do not have encrypted file(s) and/or directory list attributes are accepted, i.e. encrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the file management request FILE-ATTR-ENCRYPTION=*NO.
FILE-ATTR-ENCRYPTION = *YES
Only those file transfer requests that have encrypted file(s) and/or directory list attributes are accepted, i.e. unencrypted requests are rejected.
If the request is made in a BS2000 or z/OS, for example, it must be specified there in the file management request FILE-ATTR-ENCRYPTION=*YES.
a restriction for follow-up processing must always be made for SUCCESS- and FAILURE-PROCESSING. Otherwise, it is possible that users will avoid this step.
PREFIX of FILE-NAME, SUCCESS-PROCESSING and FAILURE-PROCESSING must correspond, e.g. FILE-NAME = *EXP(XYZ.),SUCC = *EXP(’/PRINT-FILE XYZ.’)
Example
After Steven Miller has created an admission profile with the name profile1, which permits other users access to his user ID without the LOGON authorization, he decides he wants to restrict this profile so that only FT accesses are possible to files which begin with the prefix BRANCH.
The required command is:
/MODIFY-FT-PROFILE NAME = profil1,
FILE-NAME = *EXPANSION(PREFIX = branch.)
A possible short form of this command is:
/MOD-FT-PROF profil1,FILE-N = (PRE = branch.)
This places heavy restrictions on the admission profile. The other specifications remain unchanged.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | 0 | FTC0051 | A user ID with the same name already exists. |
0 | 64 | FTC0053 | No FT profile exists which meets the criteria specified. |
0 | 64 | FTC0055 | The partner restrictions were lifted. |
0 | 0 | FTC0056 | Transfer admission is locked. |
0 | 64 | FTC0100 | An FT profile with this name already exists. |
0 | 64 | FTC0101 | An FT profile with the specified transfer admission already |
0 | 64 | FTC0150 | The access password is missing. |
0 | 64 | FTC0151 | Modifications can only be made by the administrator or owner. |
0 | 64 | FTC0153 | The owner ID entered is not the user’s own ID. |
0 | 64 | FTC0170 | The partner entered is unknown within the partner system |
0 | 64 | FTC0171 | The profile entered does not exist. |
0 | 64 | FTC0172 | The user admission entered does not exist in the system. |
0 | 64 | FTC0173 | The processing admission entered does not exist in the |
0 | 64 | FTC0174 | The parameters “NEW-NAME”, “TRANSFER-ADMISSION” |
0 | 64 | FTC0178 | The partner name entered occurs several times. |
0 | 64 | FTC0179 | The maximum number of partner restrictions has been |
0 | 64 | FTC0182 | The maximum length of partner names has been exceeded. |
0 | 64 | FTC0200 | The total length of the two follow-up processing commands |
0 | 64 | FTC0255 | A system error has occurred. |
SC1/2 = Subcode 1/2 in decimal notation For additional information, see section “Command return codes”. | |||