Recommendations and troubleshooting

This topic provides information on common mistakes when setting up user rights, fixes, and how to get more information when an error occurs.

User rights recommendations

The following best practices may help you avoid or correct user rights issues. Deviating from these recommendation may lead to unexpected user rights, or errors in the log.

  • Respect the appropriate case (upper/lower) for user names and passwords.
  • The am.type is set by default to enable Central Governance. Modifying this value effects user rights and access from Central Governance.
  • Changing the domain may affect your ability to log in on the Transfer CFT client.
  • If you modify the createprocessasuser parameter setting, you must restart Copilot for the parameter change to be taken into account.
  • The am.passport.superuser can perform any superuser activity. From Central Governance there is no check on the superuser; this user has all access regardless of the Central Governance roles and privileges.
  • When USERCTRL is set to YES and if the USERID parameter is not set, then the file transfer owner (when receiving) or file reader (when sending) is the user that started Transfer CFT.

Troubleshooting user rights issues

Access Transfer CFT logs in Central Governance

In the Central Governance interface, select Products. Select your Transfer CFT in the Product List, and in the right pane click Logs.

Messages and logs in Transfer CFT

If there is no information available in the Central Governance logs for the Transfer CFT, next check the following:

  • Transfer CFT logs
  • Transfer CFT trace files located in the <installation directory>Transfer_CFT\runtime\run

Check user definitions in Central Governance

In Central Governance roles and privileges grant or limit user permissions to perform actions, and define the user interface areas that they can access. See the Central Governance User Guide for detailed descriptions of user roles and privileges.

Issues

From Central Governance I cannot perform Transfer CFT actions that I previously could perform

Check that the local Transfer CFT superuser is correctly defined. This is a requirement for Central Governance to correctly manage your Transfer CFT. The value displayed in Central Governance should match the value that displays for CFTUTIL listuconf value=am.passport.superuser.

I am a user with Central Governance rights to create flows, but I cannot create a flow

Check the superuser file rights for the local Transfer CFTs runtime environment (all runtime directory contents).

I cannot connect to the Copilot server even though I am the superuser defined in the UCONF file

While the superuser has all privileges and is granted to all possible actions on a resource, when you log on the Copilot server this triggers a credential check. Therefore, the superuser user must be defined in Central Governance.

Transfer CFT client hangs

The Transfer CFT client has been launched at least one time from the root/system admin userid, making the root/system admin the owner of the persistent cache (in data directory). See am.passport.persistency.fname.

Therefore, even when the Transfer CFT client is launched with the Transfer CFT user (a user with appropriate privileges) this user cannot update the persistent cache and causes Transfer CFT to query Central Governance (PassPort AM) each time it needs to try to update the local cache.

To fix the issue, delete the persistent cache files (CFTAM and CFTAM.idx) and restart the Copilot server.

Operating system specific information

For more information, see the following platform specific guides for the appropriate OS:

Related topics

Related Links