Universal Control Server Security

File Permissions

Only trusted user accounts should have write permission to the Universal Control Server installation directory and subdirectories, and all of the files within them.
 

HP NonStop

Object permissions: Only trusted user accounts should have management, existence, alter, add, update or delete authority to the Universal Control Server installation libraries and objects.

Windows

Eligible users of UCTL require read access to the message catalogs (*.umc files) in the nls subdirectory of the Universal Agent installation directory.
 
If security is activated, all eligible users of UCTL require permission to create directories in the UCTL Server working directory. A directory named after the user ID requesting the command is created for each user. The directory is created while impersonating the user; hence, it is created using the user's security account.
 
Home directories are created with permissions giving the user full control of both the directory and the files within them.

Configuration Files

Only trusted user accounts should have write access to the Universal Control Server configuration files.
 

Windows

Although you can edit configuration files with any text editor (for example, Notepad), we recommend that you manage configuration options using the Universal Configuration Manager Control Panel application. Only user accounts in the Administrator group can execute the Universal Configuration Manager.

Universal Control Server User ID

Universal Control Server requires read access to its installation directory and its working directory (defined in the component definition). The Universal Control Server security identity is inherited from the Universal Broker.
 

IBM i

The associated user profile (UNVUBR510) provides *ALLOBJ authority.

z/OS

UCTL Server requires read access to its installation data sets and its HFS working directory (defined in the component definition).

User Authentication

User authentication is the process of verifying that a user is a known and valid user. The process used by Universal Control Server requires the user to provide a user name / ID and a password. The Universal Control Server passes the name / ID and password to the operating system for verification; this is referred to as logging on the user.
 

Windows

Windows provides two primary types of log on processes: batch and interactive.
 
A user must be given the right to log on as a batch job in order for the user to do a batch log on. All users can do an interactive log on. (See the Universal Control Server LOGON_METHOD option for more details.)