Security Authorization
Authentication of a user ID and password is only half the task. TIBCO MFT Platform Server must still make sure that the user is authorized to perform the TIBCO MFT Platform Server function. After a user is authenticated, TIBCO MFT Platform Server checks whether the authenticated user is authorized to perform the particular function.
The checking mechanism used to determine whether a user is authorized for a particular function is the same as that used by the existing command line programs. The following tables list the function, and the necessary rights that must be configured to support a user to use TIBCO MFT Command Center to perform a TIBCO MFT Platform Server function on each operating system. For more detailed information on these features, see TIBCO Managed File Transfer Platform Server User’s Guide for the individual platforms.
TIBCO MFT Platform Server for IBMi Authorization
| Function | Security Validation |
|---|---|
| Audit Polling
Collector |
If the user has QSECOFR, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is authorized to change the following data areas: cfadmin, cfbrowse. If the user is authorized to change one of these data areas, the user is authorized to perform this function. |
| Execute Transfers | If the user has QSECOFR, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is authorized to change the following data areas: cfadmin, cfbrowse. If the user is authorized to change one of these data areas, the user is authorized to perform this function. |
| Node
User Profile Responder Profile |
If the user has QSECOFR, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is authorized to change the following data area: cfadmin. If the user is authorized to change this data area, the user is authorized to perform this function. |
TIBCO MFT Platform Server for UNIX Authorization
| Function | Security Validation |
|---|---|
| Audit Polling
Collector |
If the user is a root user (or
UID=0), the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of one of the following two UNIX groups: cfadmin, cfbrowse. If the user is a member of either group, the user is authorized to perform this function. |
| Execute Transfers | If the user is a root user (or
UID=0), the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of one of the following two UNIX groups: cfadmin, cfbrowse. If the user is a member of either group, the user is authorized to perform this function. |
| Node
User Profile Responder Profile |
If the user is a root user (or
UID=0), the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of the following UNIX group: cfadmin. If the user is a member of this group, the user is authorized to perform this function. |
TIBCO MFT Platform Server for Windows Authorization
| Function | Security Validation |
|---|---|
| Audit Polling
Collector |
If the user is a Windows administrator, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of one of the following two Windows groups: cfadmin, cfbrowse. If the user is a member of either group, the user is authorized to perform this function. |
| Execute Transfers | If the user is a Windows administrator, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of one of the following two Windows groups: cfadmin, cfbrowse. If the user is a member of either group, the user is authorized to perform this function. |
| Node
User Profile Responder Profile |
If the user is a Windows administrator, the user is authorized to perform this function.
Otherwise, TIBCO MFT Platform Server checks whether the user is a member of the following Windows group: cfadmin. If the user is a member of this group, the user is authorized to perform this function. |
TIBCO MFT Platform Server for z/OS Authorization
| Function | Security Validation |
|---|---|
| Audit Polling
Collector |
TIBCO MFT Platform Server checks two RACF (or ACF2 or Top Secret) facility classes defined in the TIBCO MFT Platform Server GLOBAL configuration:
CCC_ADMIN_FACILITY,
CCC_BROWSE_FACILITY.
If the user has read authorization for either facility class, the user is authorized to perform this function. |
| Execute Transfers | TIBCO MFT Platform Server checks two RACF (or ACF2 or Top Secret) facility classes defined in the TIBCO MFT Platform Server GLOBAL configuration:
CCC_ADMIN_FACILITY,
CCC_TRANSFER_FACILITY.
If the user has read authorization for either facility class, the user is authorized to perform this function. |
| Node
User Profile Responder Profile |
TIBCO MFT Platform Server checks the RACF (or ACF2 or Top Secret) facility class defined by the GLOBAL
CCC_ADMIN_FACILITY resource.
If the user has read authorization for this facility class, the user is authorized to perform this function. |