1. Create new users

Begin by creating a new user in Central Governance. You can refer to the Central Governance User Guide for detailed descriptions of user roles and privileges.

To create new systems users:

  1. In Central Governance, create your users and assign the appropriate roles and privileges as described in the Central Governance User Guide.
    For example, create the system users Flow Manager, Partner Manager, and Monitoring Assistant.
  2. Define the user rights for actions on files (USERCTRL) for these same new users for the local system where Transfer CFT is installed.
Note Superusers have all rights on Transfer CFT (you may also want to check the uconf am.passport.superuser parameter, which may be a list of superusers). It is important to remember that in UNIX/Windows the user that installs Transfer CFT is the superuser. This means that even if you restrict a user's roles in Central Governance, if that user is the superuser it can still perform all actions on files.

For users that have not yet implemented Central Governance, either create user permissions in Passport, or continue on to Step 2.

Parameter mapping for Central Governance

The following parameters are now managed in Central Governance. This table maps the existing Transfer CFT defaults and values.

CG field CG values CFTUTIL parameter Description
User for file access Transfer CFT system account | USERID variable CFTPARM - USERCTRL = NO | YES Specifies the account that is used to read/write transferred files.
User for script execution Transfer CFT system account | USERID variable UCONF - cft.server.exec_as_ user =  NO | YES Specifies the account that is used to execute scripts. This parameter is not supported on Transfer CFTs running on z/OS and IBM i systems.
Check permission for transfer execution YES | NO am.passport.userctrl.check_ permissions_on_transfer_ execution Checks whether the user has permissions to execute transfers.
Create process as user YES | NO copilot.misc.createprocessasuser Specifies whether Transfer CFT Copilot user must have system rights.

Related topics

Related Links