About Transfer CFT system users

There are two basic types of rights needed to enable  Transfer CFT flows: the rights required to perform activities, such as starting or configuring Transfer CFT, and the rights that apply to files themselves.

This topic describes the parameters used to manage:

  • Activity rights for users
  • Rights for actions on files

Using Central Governance you can create users and assign them roles and privileges, for example the right to create flows or to send files. Additionally though, you can also set the file properties for the local Transfer CFT to enable or restrict certain user’s ability to perform file transfers.

The User rights and privileges use cases section provides common user rights use cases, and describes parameter combinations that let you achieve your desired level of security. These scenarios feature users with example privileges that are granted in Central Governance, your actual user rights might vary.

This topic begins with a brief review of key user control parameters, followed by a User rights use case, step instructions, and then best practices in Recommendations and troubleshooting.

Procedure overview

After installing Transfer CFT and performing system recommendations, you can configure system users as described in these sections.

1. Create new users

2. Define file permissions (USERCTRL)

3. Define client user rights

4. Define OS-specific user rights

5. File actions and procedure execution permissions (optional)

Transfer CFT user control parameters

There are two principle Transfer CFT parameters that control system users, USERCTRL and copilot.misc.createprocessasuser, which you can use in varying combinations to refine the level of security.

  • The USERCTRL parameter specifies the way Transfer CFT accesses physical files during the transfer phase. It does not apply to logical objects, or to Transfer CFT configuration files such as the catalog or partner files.
  • The copilot.misc.createprocessasuser parameter specifies actions that a user can do when logged on the Transfer CFT client (such as JPI, web services, or Copilot). Note that regardless of the value the transfer owner is the Transfer CFT connected client.

Remember that while Central Governance manages users, the CG roles and privileges are limited to logical resources and do not define the actual rights on physical files. This means that creating successful system users requires a combination of Transfer CFT settings and Central Governance access management. Using the products in tandem to define users that are recognized by the Transfer CFT system provides control of both types of system user rights.

Related Links