Local User Information Record Format
The local user record, userid, defines the default values for each user ID. Most of the parameters in the local user information record can take the following values:
- y—Indicates that you can perform the function. In the case of process and select statistics commands, you can affect Processes and view statistics owned by this user ID
- n—Indicates that you cannot perform the function.
- a—Indicates that you can issue commands for Processes owned by all users and generate statistics records for all users.
- v—Indicates that you can issue commands for viewing purposes only.
If the same parameter is specified in the remote user information record and the local user information record, the parameter in remote user information record takes precedence unless it is a null value. When a null value is specified in the remote record, the local user record takes precedence.
The following table defines the local user information parameters. The default values are underlined.
| Parameter | Description | Value |
|---|---|---|
| admin.auth | Determines if you has administrative authority. If set to y, you can perform all of the commands by default, but the specific command parameters override the default. If set to n, the specific command parameters must be granted individually. | y | n y—User has administrative authority. n—User does not have administrative authority. The default is n. |
| client.cert_auth | Determines if you can perform certificate authentication for client API
connections. y—Enables client certificate authentication for you n—Disables client certificate authentication for you |
y | n |
| client.source_ip |
Use this parameter to list all of the IP addresses and/or host names that are valid for this user's API connection. If you specify values for this field, the IP address of this user's API connection is validated with the client.source_ip list. If the IP address does not match the one specified on the list, the connection is rejected. |
A comma-separated list of client IP addresses or host names associated with client IP addresses. The IP address of the client connection for this user must match the address configured in this field. For example: nnn.nnn.nnn.nnn, localhost |
| cmd.chgproc | Determines if you can issue the change process command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.delproc | Determines if you can issue the delete process command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.flsproc | Determines if you can issue the flush process command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.selproc | Determines if you can issue the select process command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.viewproc | Determines if you can issue the view process command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.selstats | Determines if you can issue the select statistics command. A “y” value enables you to issue the command to targets owned by that user. Whereas, “a” allows you to issue the command to targets owned by all users. |
y | n | a y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. a—Allows you to issue the command against targets owned by all users. |
| cmd.stopndm | Determines if you can issue the stop command. | y | n y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. |
| cmd.s+conf | Determines if you can issue commands from network clients, such as IBM® Control Center or Java API, to configure Connect:Direct® Secure Plus. Note: This parameter has
no effect on local tools, such as spadmin.sh and spcli.sh.
|
y | n y—Allows you to issue commands. The default is y. n—Prevents you from issuing commands. |
| cmd.submit | Determines if you can issue the submit process command. | y | n y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. |
| cmd.trace | Determines if you can issue the trace command. | y | n y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. |
| descrip | Permits the administrator to add descriptive notes to the record. | Unlimited text string |
| name | The name of you. | User name |
| phone | The phone number of you. | user phone number |
| pstmt.copy | Determines if you can issue the copy statement. | y | n y—Allows you to issue the command. n—Prevents you from issuing the command. The default is n. |
| pstmt.copy.ulimit | The action taken when the limit on you output file size is exceeded during a copy operation. The value for this parameter overrides the equivalent value for the ulimit parameter in the initialization parameters file. | y | n | nnnnnnnn | nnnnnnnnK | nnnnnnnM | nnnnG y—Honors you file size limit. If this limit is exceeded during a copy operation, the operation fails. n—Ignores the limit. The default is n. nnnnnnnn, nnnnnnnnK, nnnnnnnM, or nnnnG—Establishes a default output file size limit for all copy operations. K denotes 1024 bytes. M denotes 1048576 bytes. G denotes 1073741824 bytes. The maximum value you can specify is 1 TB. |
| pstmt.upload | Determines if you can send files from this local node. If a file open exit is in use, this parameter is passed to the exit, but it is not enforced. | y | n y—Allows you to send files. The default is y. n—Prevents you from sending files. |
| pstmt.upload_dir | The directory from which you can send files.
If a value is set for this parameter, then files can only be sent from this directory or subdirectories.
The specified restriction is treated as the file system root while processing the send side of copy steps and is the default directory for unqualified file specifications.
A fully qualified file specification beginning at the actual system root will also succeed if the first part of the specification matches the restriction.
For example, assume file /aaa/bbb/ccc.txt exists on the system, and the directory restriction specified is /aaa. Then the following copy step specifications will succeed:
Note: If a file open exit is in use, this parameter is passed to the exit, but is not enforced.
|
Directory path name |
| pstmt.download | Determines if you can receive files to this local node. If a file open exit is in use, this parameter is passed to the exit, but it is not enforced. | y | n y—Allows you to receive files. The default is y. n—Prevents you from receiving files. |
| pstmt.download_dir | The directory to which you can receive files.
If a value is set for this parameter, then files can only be received to this directory or subdirectories.
The specified restriction is treated as the file system root while processing the receive side of copy steps and is the default directory for unqualified file specifications.
A fully qualified file specification beginning at the actual system root will also succeed if the first part of the specification matches the restriction.
For example, assume directory /aaa/bbb exists on the system, and the directory restriction specified is /aaa. Then the following copy step specifications will succeed:
Note: If a file open exit is in use, this parameter is passed to the exit, but is not enforced.
|
Directory path name |
| pstmt.run_dir | The directory where IBM Connect:Direct is installed that contains
the programs and scripts you executes with run job and run task statements. Any attempt to execute a
program or script outside the specified directory fails. The UNIX Restricted Shell provides enhanced security by restricting you to the commands contained in the pstmt.run_dir. If you does not specify pstmt.run_dir, the commands are started with the Bourne shell. To restrict the use of special characters in the run directory, be sure to configure Y for the restrict:cmd initialization parameter. For more information on specifying the restrict:cmd initialization parameter, see Restrict Record. |
Directory path name |
| pstmt.runjob | Specifies whether you can issue the run job statement. | y | n y—Allows you to issue the statement. n—Prevents you from issuing the statement. The default is n. |
| pstmt.runtask | Specifies whether you can issue the run task statement. | y | n y—Allows you to issue the statement. n—Prevents you from issuing the statement. The default is n. |
| pstmt.submit | Specifies whether you can issue the submit statement. | y | n y—Allows you to issue the statement. n—Prevents you from issuing the statement. The default is n. |
| pstmt.submit_dir | The directory from which you can submit Processes. This is for submits within a Process. | Directory path name |
| snode.ovrd | Specifies whether you can code the snodeid parameter on the submit command and process and submit statements. | y | n y—Allows you to code the snodeid parameter n—Prevents you from coding the snodeid parameter. The default is n. |
| pstmt.crc | Gives you the authority to specify the use of CRC checking in a Process
statement. Setting this parameter to y enables you to override the initial settings in the initialization parameters or network map settings files. |
y | n y—Allows you to specify CRC checking on a Process statement. n—Prevents you from specifying CRCchecking on a Process statement. The default is n. |
| fileagent.auth | Determines if you can issue get/update File Agent JSON configuration command. A “v” value enables you to issue the get File Agent JSON configuration command. Whereas a “y” value enables you to issue both get/update File Agent JSON configuration command. The value "n" prevents you from issuing either commands. |
y | n | v y— Allows you to issue both get/update File Agent JSON configuration command. n— Prevents you from issuing File Agent JSON configuration command. v— Allows you to issue only get File Agent JSON configuration. |
| proclib.auth | Determine if you can issue process library commands like add, delete, rename, list and get. A “v” value enables you to issue the get/list Process library command. Whereas a “y” value enables you to issue all the Process library commands. The value "n" prevents you from issuing any of the commands. |
y | n | v y— Allows you to issue all the process library commands. n— Prevents you from issuing process library commands. v— Allows you to only view the process library via get/list commands. |
| cmd.external.stat.log | Determines if you can log stats in to Connect:Direct for UNIX from Integrated File Agent. A “y” value enables you to log stats from Integrated File Agent into Connect:Direct for Unix. A “n” value prevents you from logging stats from Integrated File Agent into Connect:Direct for Unix. |
y | n y— Allows you to log stats from Integrated File Agent into Connect:Direct for Unix stats. n— Prevents you from logging stats from Integrated File Agent into Connect:Direct for Unix stats. |