Overview

Many Universal Agent components utilize the Universal Access Control List (UACL) feature as an extra layer of security to the services they offer. UACLs are used for a variety of reasons but generally are used to determine if a client request is allowed or denied permission to the service and to set security attributes for the client request.

Each Universal Broker has an associated UACL configuration file that contains all the UACL entries for that system. The UACL entries can be used to enforce a security policy specific to the system on which its deployed.

The following Universal Agent components use the UACL feature:

Component	Description
Universal Automation Center Agent	UACLs are used to control whether user credentials are required for task execution and to control whether or not user authentication is required. See /wiki/spaces/UA73/pages/3770342 for complete details.
Universal Broker	UACLs are used to permit or deny TCP/IP client connections. See /wiki/spaces/UA73/pages/3770118 for complete details.
Universal Command Server	UACLs are used to permit or deny Universal Command Manager access and to control whether or not the Manager request requires user authentication. See /wiki/spaces/UA73/pages/3770725 for complete details.
Universal Control Server	UACLs are used to permit or deny Universal Control Manager access and to control whether or not the Manager request requires user authentication. See /wiki/spaces/UA73/pages/3771956 for complete details.
Universal Data Mover Server	UACLs are used to permit or deny Universal Data Manager access and to control whether or not the Manager request requires user authentication. See /wiki/spaces/UA73/pages/3768657 for complete details.
Universal Event Monitor Server	UACLs are used to permit or deny Universal Event Monitor Manager access and to control user authentication for event handlers. See /wiki/spaces/UA73/pages/3769126 for complete details.
Universal Message Service	UACLs are used to permit or deny TCP/IP client connections and provide access to the OMS Administration Utility. See /wiki/spaces/UA73/pages/3770812 for complete details.

Note

For component-specific examples of UACL entries, see UACL Examples.

UACL Configuration

UACL entries are maintained in a configuration file. The UACL configuration file is required for the Universal Broker to start even if there are no UACL entries defined in it.

The UACL configuration file syntax is the same as all other Universal Agent configuration files except for one difference: multiple UACL entries of the same name may be defined. The order in which the UACL entries are listed in the configuration file determines the order in which they are searched. See /wiki/spaces/UA73/pages/3771392 for details on configuration file syntax.

The following table describes the location of the UACL configuration file and how it is accessed for each platform.

Platform	Description
z/OS	All UACL entries are defined in member ACLCFG00 in library UNVCONF. The Universal Broker started task allocates the UACL configuration file to ddname UNVACL.
UNIX	All UACL entries are defined in the uacl.conf configuration file. This file is installed in `/etc/universal` by default. The UACL file is searched for in the same manner as all other product configuration files.
Windows	All UACL entries are defined in the uacl.conf configuration file. The location of this file depends on the version of Windows. It is recommended to use the Windows /wiki/spaces/UA73/pages/3771410 to view and update UACL entries.
IBM i	All UACL entries are defined in member UACL of file UNVCONF.

Browser not supported