Universal Access Control List (UACL)
Overview
Many Universal Agent components use the Universal Access Control List (UACL) feature as an extra layer of security for the services they offer. UACLs are used for a variety of reasons, but generally they determine whether a client request is allowed or denied permission to the service and set security attributes for the client request.
Each Universal Broker has an associated UACL configuration file that contains all the UACL entries for that system. The UACL entries can be used to enforce a security policy specific to the system on which it is deployed.
The following Universal Agent components use the UACL feature:
Component | Description |
---|---|
Universal Automation Center Agent | UACLs are used to control whether user credentials are required for task execution and to control whether or not user authentication is required. See Universal Automation Center Agent UACL Entries for complete details. |
Universal Broker | UACLs are used to permit or deny TCP/IP client connections. See Universal Broker UACL Entries for complete details. |
Universal Command Server | UACLs are used to permit or deny Universal Command Manager access and to control whether or not the Manager request requires user authentication. See Universal Command UACL for complete details. |
Universal Control Server | UACLs are used to permit or deny Universal Control Manager access and to control whether or not the Manager request requires user authentication. See Universal Control UACL Entries for complete details. |
Universal Data Mover Server | UACLs are used to permit or deny Universal Data Manager access and to control whether or not the Manager request requires user authentication. See Universal Data Mover UACL Entries for complete details. |
Universal Event Monitor Server | UACLs are used to permit or deny Universal Event Monitor Manager access and to control user authentication for event handlers. See Universal Event Monitor UACL Entries for complete details. |
Universal Message Service | UACLs are used to permit or deny TCP/IP client connections and provide access to the OMS Administration Utility. See OMS Server UACL Entries for complete details. |
Note
For component-specific examples of UACL entries, see UACL Examples.
UACL Configuration
UACL entries are maintained in a configuration file. The UACL configuration file is required for the Universal Broker to start even if there are no UACL entries defined in it.
The UACL configuration file syntax is the same as all other Universal Agent configuration files except for one difference: multiple UACL entries of the same name may be defined. The order in which the UACL entries are listed in the configuration file determines the order in which they are searched. See Configuration File Syntax for details on configuration file syntax.
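Because same-named entries are searched in listed order, a broad entry placed early can make a narrower one below it unreachable. The following added example (not Universal Agent code) audits a constructed file for such entries; the entry name `example_access`, the `host,access` value layout, the `ALL` keyword, trailing-dot prefix matching and first-match-wins evaluation are all assumptions made for illustration.

```python
# Added example. Entry name, "host,access" layout, ALL keyword, trailing-dot
# prefix matching and first-match-wins are assumptions, not product syntax.
SAMPLE = """\
# constructed sample, not a real uacl.conf
example_access 10.20.30.,deny
example_access 10.20.30.40,allow
example_access ALL,allow
other_access   ALL,deny
"""

def parse(text):
    """Return (line_no, name, host_pattern, access) tuples in file order."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, value = line.split(None, 1)
        host, _, access = value.partition(",")
        entries.append((no, name, host.strip(), access.strip().lower()))
    return entries

def covers(pattern, target):
    """True if pattern matches target (a host, or a narrower pattern)."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        return target.startswith(pattern)
    return pattern == target

def decide(entries, name, host):
    """Search same-name entries in listed order; first match decides."""
    for no, entry_name, pattern, access in entries:
        if entry_name == name and covers(pattern, host):
            return no, access
    return None  # no entry matched; the default is product-specific

def shadowed(entries):
    """Return (line, earlier_line) pairs for entries that can never be reached."""
    found = []
    for i, (no, name, pattern, _) in enumerate(entries):
        for earlier_no, earlier_name, earlier_pattern, _ in entries[:i]:
            if earlier_name == name and covers(earlier_pattern, pattern):
                found.append((no, earlier_no))
                break
    return found

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(decide(rules, "example_access", "10.20.30.40"))
    print(shadowed(rules))
```

In the sample, the allow entry for 10.20.30.40 is never reached because the subnet deny above it matches first; moving the specific entry ahead of the broad one restores the intended policy.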
The following table describes the location of the UACL configuration file and how it is accessed for each platform.
Platform | Description |
---|---|
z/OS | All UACL entries are defined in member ACLCFG00 in library UNVCONF. The Universal Broker started task allocates the UACL configuration file to ddname UNVACL. |
UNIX | All UACL entries are defined in the uacl.conf configuration file. This file is installed in |
Windows | All UACL entries are defined in the uacl.conf configuration file. The location of this file depends on the version of Windows. It is recommended to use the Windows Universal Configuration Manager to view and update UACL entries. |
IBM i | All UACL entries are defined in member UACL of file UNVCONF. |