Description
A UDM_MGR_ACCESS UACL entry either allows or denies access to Universal Data Mover Server services based on the host name and/or user of the Manager trying to initiate a UDM session.
If access is permitted, UDM_MGR_ACCESS also specifies whether or not user authentication is required.
A udm_mgr_access UACL entry is matched if all of the following occur:
- Request comes from a Manager initiated on host name identified by host. This is the machine host name, which may or may not be equivalent to the host DNS name.
- Manager is executing as user manager_user.
- Manager is requesting to execute a command as local user local_user.
The first matching rule is used to control access.
See UACL Entries for details on host, manager_user, and local_user specification syntax.
CAUTION!
Managers earlier than 3.2.0 supply neither a manager host name nor a manager user ID. Therefore, other than host name ALL and Manager user ID *, requests from managers earlier than 3.2.0 will never match a rule. Setting this rule in networks containing managers earlier than 3.2.0 requires careful planning.
Usage
Method | Syntax | IBM i | UNIX | Windows | z/OS |
UACL File Keyword | udm_mgr_access manager_host,manager_user,local_user,access,auth |
|
|
|
|
Values
Valid values for access are:
- deny
Service is denied. A message is returned to the remote end. The connection is closed. - allow
Service is accepted and processed.
Valid values for auth are:
- auth
Local user account must be authenticated. The Manager must provide a proper password for the account. - noauth
Local user account does not require user authentication.
Note
noauth should be used with care. Turning off user authentication may violate your local security policies on the Server system.