Configuration of Security - Universal Control Security

Overview

Universal Control access controls consist of the following profile types:

Remote Access profiles control Universal Control's access to remote systems.

Universal Control Remote Access Profile Format

The remote access profile controls Universal Control Manager's access to specific remote systems running Universal Agent. The remote system is identified by the IP address of the remote system, the port number on which the Manager is connecting to the remote system, and the command to be executed.

Universal Control Manager identifies a remote system with the REMOTE_HOST and REMOTE_PORT configuration options, and the command as one of the command options.

The remote access profile has the following format:

UCTL.Iipaddress.Pport.command

The profile name is composed of the following fields.

| Field | Description |
|---|---|
| ipaddress | Numeric dotted-form IP address of the remote host as identified by the REMOTE_HOST option. The format of the IP address is four three-character numeric fields. Each field represents one number of the IP address. For example, IP address 256.10.2.123 is formatted as 256010002123. |
| port | Numeric port number on which Universal Broker is listening as identified by the REMOTE_PORT option. The default Universal Broker port number is 7887. The format of the port number is a five-digit number. For example, port 7887 is formatted as 07887. |
| command | Universal Control command whose execution the Manager is requesting. Possible command values are START, STOP, and REFRESH. |
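The field encoding described above, as an added example that is not part of the original documentation or the product. The helper names build_profile and parse_profile are hypothetical, and the parser accepts only the whole-qualifier * wildcard used in Example 1; it can be used to turn profile names from a security listing back into readable host, port and command values during an access review.

```python
import ipaddress
import re

COMMANDS = {"START", "STOP", "REFRESH"}  # command values listed on this page


def build_profile(host: str, port: int, command: str) -> str:
    """Return the UCTL.Iipaddress.Pport.command name for one request."""
    addr = ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    command = command.upper()
    if command not in COMMANDS:
        raise ValueError(f"unknown command: {command}")
    # Four three-character numeric fields, one per number of the address.
    ip_field = "".join(f"{octet:03d}" for octet in addr.packed)
    # Port is a five-digit number, e.g. 7887 -> 07887.
    return f"UCTL.I{ip_field}.P{port:05d}.{command}"


_PROFILE = re.compile(
    r"UCTL\.I(\d{12})\.(P\d{5}|\*)\.(START|STOP|REFRESH|\*)"
)


def parse_profile(name: str) -> dict:
    """Decode a profile name for audit output; '*' qualifiers become None."""
    match = _PROFILE.fullmatch(name)
    if match is None:
        raise ValueError(f"not a Universal Control profile name: {name}")
    digits, port, command = match.groups()
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if any(octet > 255 for octet in octets):
        raise ValueError(f"address field out of range: {digits}")
    return {
        "host": ".".join(str(octet) for octet in octets),
        "port": None if port == "*" else int(port[1:]),
        "command": None if command == "*" else command,
    }


if __name__ == "__main__":
    # Constructed sample values taken from the examples on this page.
    print(build_profile("10.23.90.2", 7887, "START"))
    print(parse_profile("UCTL.I010023090002.*.*"))
```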

Universal Control Security Profile Definition

This example illustrates sample RACF commands that can be used to define Universal Control security profiles and permit z/OS user identifiers access to those profiles. Refer to the IBM RACF documentation for complete details on RACF commands.

Example 1

Assume you wish to restrict Universal Control Manager for z/OS access to remote host 10.23.90.2. The following profile would restrict access to only those z/OS users who have read access to the profile UCTL.I010023090002.*.*.

The following TSO commands define the required profile and permit access to TSO user TSO555.