User Authorization Information File Worksheet

Use this worksheet when you are defining the user authorization information which includes the remote user information records and local user information records.

All IBM® Connect:Direct® users must have an entry in the user authorization information file.

Remote User Information Record

IBM Connect:Direct uses the remote user information record to establish a proxy relationship between remote and local user IDs. Remote user IDs are translated to valid local user IDs on the system where you are installing Connect:Direct for UNIX. IBM Connect:Direct also uses the remote and local user information records to determine the functionality of the user IDs that are translated and connected to it through a client using a IBM Connect:Direct API.

Use the following table to create a list of remote user IDs and the local user IDs to which they will be mapped. If necessary, make copies of this page to record additional remote user IDs and local user IDs.

For more information on creating remote user information records and for information on using special generic characters to map remote user IDs, refer to the IBM Connect:Direct for UNIX Administration Guide.

Remote User ID at Remote Node Name mapped to Local User ID
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  
  @   =  

Local User Information Record

Use the following table to record the local user ID records to create and the parameters to define. Define the additional parameters by editing the userfile.cfg file using any standard UNIX editor.

Default values are shown as capital letters in brackets. Before you begin defining local user information records, make copies of this worksheet for the number of users you plan to create.

Local User ID Parameter Description Value to Assign
  admin.auth Determines if the user has administrative authority.

y—All the other command parameter capabilities in the local user information record are automatically assigned to this user.

n—You must grant specific command parameters individually.

 
  client.cert_auth Determines if the user can perform certificate authentication for client API connections.

y—Enables client certificate authentication for the user

n—Disables client certificate authentication for the user

y | n
  client.source_ip Use this parameter to list all of the IP addresses and/or host names that are valid for this user's API connection. If you specify values for this field, the IP address of this user's API connection is validated with the client.source_ip list. If the IP address does not match the one specified on the list, the connection is rejected.

A comma-separated list of client IP addresses or host names associated with client IP addresses.

The IP address of the client connection for this user must match the address configured in this field.

For example: nnn.nnn.nnn.nnn, localhost

  cmd.chgproc Specifies whether the user can issue the change Process command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

a—Allows all users to issue this command.

 
  cmd.delproc Specifies whether the user can issue the delete Process command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

a—Allows all users to issue this command.

y | n |a

y—Default

a—For all users

  cmd.flsproc Specifies whether the user can issue the flush Process command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

a—Allows all users to issue this command.

y | n |a

y—Default

a—For all users

  cmd.selproc Specifies whether the user can issue the select Process command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

a—Allows all users to issue this command.

 
  cmd.selstats Specifies whether the user can issue the select statistics command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

a—Allows all users to issue this command.

 
  cmd.stopndm Specifies whether the user can issue the stop command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  cmd.submit Specifies whether the user can issue the submit Process command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  cmd.trace Specifies whether the user can issue the trace command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  descrip Permits the administrator to add descriptive notes to the record. text string ________________
  name Specifies the name of the user. user name ________________
  phone Specifies the telephone number of the user. user phone ________________
  pstmt.copy Specifies whether the user can issue the copy command.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.copy.

ulimit

Specifies the action to take when the limit on a user output file size is exceeded during a copy operation.

The value for this parameter overrides the equivalent value for the ulimit parameter in the initialization parameters file. If a value is not defined in the initialization parameters file, the default is n.

y or n or nnnnnnnK or nnnnM or nG where nnnnnnnK, nnnnM or nG establishes a default output file size limit for all copy operations.

K—Thousands of bytes.

M—Denotes millions of bytes.

G—Denotes billions of bytes.

The maximum value you can specify is 1 trillion byte.

 
  pstmt.download Specifies whether the user can download files.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.download

_dir

Specifies the directory to which the user can download files.  
  pstmt.runjob Specifies whether the user can issue the run job statement.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.runtask Specifies whether the user can issue the run task statement.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.submit Specifies whether the user can issue the submit statement.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  snode.ovrd Specifies whether the user can code the snodeid parameter on the submit command and Process and submit statements.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.upload Specifies whether the user can upload files.

y—Allows the user to issue the command.

n—Prevents the user from issuing the command.

 
  pstmt.upload_dir Specifies the directory from which the user can upload files.  
  run_dir Specifies the directory that contains the programs and scripts the user can execute.  
  submit_dir Specifies the directory from which the user can submit Processes.