CFACCESS

With the Platform Server CFACCESS (Access Control) function, the administrator can control file transfer capabilities for a user or node.

For entry into the z/OS system, the Platform Server requires a valid user ID and password. To ensure only authorized users can transfer data successfully, the Platform Server validates this information with RACF or other security system and verifies if the user is authorized to access the transfer dataset.

But under certain conditions, the Platform Server administrator must have additional control over the functions that users can perform and the datasets that they can access. The Access Control function provides this capability.

Using Access Control, the administrator can control the file transfer capabilities for:

• A user
• A node or IP address
• A combination of user and node/IP address

The administrator can restrict the following transfer functions:

• Sending a file
• Receiving a file
• Submitting a job into the internal reader
• Executing a command
• The High Level Qualifier (HLQ) for a file send transfer
• The HLQ for a file receive transfer

Additionally, the administrator can restrict the following postprocessing actions (PPA):

• Executing a command
• Submitting a job into the internal reader
• The DSN for JCL to be submitted into the internal reader

The file transfer type is dependent on the Platform Server for z/OS that processes the request. For example, a send request on Platform Server for Windows is processed as a receive request on Platform Server for z/OS and the receive parameters are checked against the CFACCESS configuration.

The CFACCESS configuration parameters can be activated through one of following ways:

• When Platform Server starts up
• When the Platform Server CFACCESSREFRESH operator command is entered