Object permissions: Only trusted user accounts should have management, existence, alter, add, update or delete authority to the Universal Control Server installation libraries and objects.

Eligible users of UCTL require read access to the message catalogs (*.umc files) in the nls subdirectory of the Universal Agent installation directory.
 
If security is activated, all eligible users of UCTL require permission to create directories in the UCTL Server working directory. A directory named after the user ID requesting the command is created for each user. The directory is created while impersonating the user; hence, it is created using the user's security account.
 
Home directories are created with permissions giving the user full control of both the directory and the files within them.

Although you can edit configuration files with any text editor (for example, Notepad), we recommend that you manage configuration options using the Universal Configuration Manager Control Panel application. Only user accounts in the Administrator group can execute the Universal Configuration Manager.

The associated user profile (UNVUBR510) provides *ALLOBJ authority.

UCTL Server requires read access to its installation data sets and its HFS working directory (defined in the component definition).

Windows provides two primary types of log on processes: batch and interactive.
 
A user must be given the right to log on as a batch job in order for the user to do a batch log on. All users can do an interactive log on. (See the Universal Control Server LOGON_METHOD option for more details.)