Universal Data Mover Manager Security

Universal Data Mover Manager Security

Universal Data Mover is designed to be a secure system. As the level of security rises, so does the administrative complexity of the system. Universal Data Mover has balanced the two to avoid the administrative complexity with a minimum sacrifice to security.

Universal Data Mover security concerns are:

  1. Access to Universal Data Mover files and directories
  2. Access to Universal Data Mover configuration files
  3. Universal Data Mover user account
  4. Privacy and integrity of transmitted network data
  5. User authentication

File Permissions

Only trusted user accounts should have permission to write to the Universal Data Mover installation directory and subdirectories, and all files within those directories.
 

IBM i

Object Permissions
 
Only administrator accounts should have write permission to the following Universal Agent libraries (and all objects within these libraries):

  • Installation library, UNVPRD510 (by default)
  • Product temporary library, UNVTMP510
  • Universal spool library, UNVSPL510

For maximum security, only trusted accounts (administrators and the UNVUBR510 profile) should have management, existence, alter, add, update, and delete authority to these objects.
 

Note

System value QCRTAUT controls public access authority to created objects unless overridden by specific commands.

z/OS

Data Set Permissions
 
Only trusted user accounts should have write access to the Universal Data Mover installation files. Eligible users of Universal Data Mover require read access to the national language support library SUNVNLS, the configuration file UNVCONF, and the load library SUNVLOAD.

Configuration Files

Only trusted user accounts should have write access to the Universal Data Mover Manager configuration files.
 

Windows

Although you may edit configuration files with any text editor (for example, Notepad), we recommend that you manage configuration options using the Universal Configuration Manager Control Panel application. Only user accounts in the Administrator group can execute the Universal Configuration Manager.