Universal Command Manager Security
File Permissions
Only trusted user accounts should have write permission to the Universal Command (UCMD) Manager installation directory, its subdirectories, and all files within those directories. This most likely means only an administration group should have write access.
IBM i |
Only trusted user accounts and the UNVUBR520 user profile should have write permission to the UCMD Server product library (UNVPRD510) and all files within that library. |
---|---|
HP NonStop |
Eligible users of UCMD require read access to the message catalogs in the $SYSTEM.UNVNLS subvolume. |
UNIX |
Eligible users of UCMD require read access to the message catalogs (*.umc files) in the nls subdirectory of the Universal Agent installation directory (/opt/universal by default). |
Windows |
Eligible users of UCMD require read access to the message catalogs (*.umc files) in the nls subdirectory of the .\Universal installation directory. These file permissions are set automatically during the installation. |
z/OS |
Only trusted user accounts should have write access to the UCMD Manager installation files. Eligible users of UCMD require read access to the national language support library (SUNVNLS), the configuration file (UNVCONF), and the load library (SUNVLOAD). |
RACF Protection
z/OS |
The UCMD Manager for z/OS verifies a users access to a RACF general resource profile. The resource profile controls a user's access to execute a command on a remote host with a specific remote user identity. |
---|
Configuration Files
Only trusted user accounts should have write access to the UCMD Manager configuration files.
Windows |
Although you can edit configuration files with any text editor (for example, Notepad), we recommend that you manage configuration options using the Universal Configuration Manager Control Panel application. Only user accounts in the Administrator group can execute the Universal Configuration Manager. |
---|