Menus and User Profiles

This topic provides an overview of the menus, access to menus, user profiles, and file rights in TIBCO® Managed File Transfer Platform Server for IBM i.

Menus

  1. Administration Main Menu: CFADM is the object name of the menu. A user with high authority can access this menu and all the product menu options.
  2. Main Menu: CFMAIN is the object name of the menu. A user with low authority can access this menu and options on this menu only.

Access to Menus

  1. You can access the Administration Main Menu (CFADM) and process menu options and commands only if you have one of the following user profiles:
    • Security Officer (QSECOFR)
    • Security Administrator (SECADM)
    • Any user profile that has Security Officer (QSECOFR) group rights
    • Any *PUBLIC user profile that has been given access rights to any TIBCO Managed File Transfer (MFT) Platform Server for IBM i product objects, like menus, programs, commands, and files
  2. You can access the Main Menu (CFMAIN) and process menu options and commands if you have a *PUBLIC user profile.

User Profiles and Tasks

If you are the Security Officer (QSECOFR) or the Security Administrator (SECADM), you can do the following tasks:
  • Change the authority to access the Administration Main Menu and process Administration Main Menu options or commands. This is done by using IBM i command EDTOBJAUT (edit object authority) on the menus, programs, and commands objects and by changing the *PUBLIC object authority to *EXCLUDE, *USE, *CHANGE, *ALL.
  • Change the TIBCO MFT Platform Server for IBM i product's user profile name, add or remove special authorities, change or replace the job description for a user profile. And most important, the administrator user can replace the TIBCO MFT Platform Server for IBM i user profile with their own custom user profile.
If you are any user, you can do the following tasks:
  • Access the Main Menu
  • Process any Main Menu options or commands

    A *PUBLIC user profile does not need any special authorities to their own user profile attributes. However, the user profile must have proper authority access rights that the administrator user provides to all IBM i system objects, such as programs, commands, libraries, and files that the user profile is working with when using the product.

File Rights

If you want to make changes in files, you must have the following authority rights:
  • To create or update remote or local files using MFT Platform Server Data Transfer Commands, the local and remote user profiles must have authority over the file.
  • To create or update IBM i files using MFT Platform Server, the IBM i user profile must have *CHANGE authority over the file, *CHANGE authority over the library and *USE authority over the IBM i command CRTPF (create a physical file). The administrator can grant this authority to a user profile using the EDTOBJAUT IBM i command.
  • To use the MFT Platform Server Data Transfer Commands, the user authority profile can be at the lowest user class level *USER. But in the user profile authority specification setup, the user cannot be given limit capabilities value equal to *YES or *PARTIAL. It limits the user's control over IBM i objects like programs, menus, files, and libraries. It also determines whether the user can run commands from an IBM i command line. The user authority profile can incorporate all the authority rights needed to use the MFT Platform Server transfer process by being part of a high authority group profile.
    Note: Only a profile with administrator authority has the right to transfer SAVF files using DB2 templates to an IBM i System. If the administrator wants the user authority profile to work with DB2 templates, then the administrator must give *USE authority over the IBM i command RSTOBJ. The administrator can grant this authority to a user profile using the EDTOBJAUT IBM i command.