Maintaining User Authorization
The IBM® Connect:Direct® Authorization Facility controls access to IBM Connect:Direct functions. It is an alternative source of security information to the Stage 1 Signon and Stage 2 Security exits. If you use the Authorization Facility, you must identify all IBM Connect:Direct users in all nodes that execute Processes.
The following example shows how the IBM Connect:Direct Authorization Facility is used. This example includes two IBM Connect:Direct nodes, called SYSTEMA and SYSTEMB. Joe has access to SYSTEMA under the IBM Connect:Direct user ID of JOEA and access to SYSTEMB under the IBM Connect:Direct user ID of JOEB.
Joe requires two entries in the Authorization Facility of each system, as illustrated in the following tables. These entries give him access to IBM Connect:Direct on both systems and the authorization to move files between both systems.

SYSTEMA Authorization File

Node | User ID | Password | Authorized Functions |
---|---|---|---|
SYSTEMA | JOEA | [pswd] | Y,Y,N,Y . . . . . |
SYSTEMB | JOEB | [pswd] | N,Y . . . . . |

SYSTEMB Authorization File

Node | User ID | Password | Authorized Functions |
---|---|---|---|
SYSTEMA | JOEA | [pswd] | Y,Y,N,Y . . . . . |
SYSTEMB | JOEB | [pswd] | N,Y . . . . . |

The combination of logical node name and user ID is used to access the Authorization file on the remote node to obtain the user ID, password, and associated functional authority.
For example, if Joe sends a file from SYSTEMA to SYSTEMB, the combination of SYSTEMA and JOEA enables him to access the authorization file on SYSTEMB. This entry then determines what IBM Connect:Direct functional authority Joe has on SYSTEMB when coming from SYSTEMA.