Assume that you have protected your data sets and z/OS Unix files with your
security package, Unix permissions and ACLs, etc., so that z/OS userids have
proper access. It is still likely that you don't want to allow some of
these files to be transferred using FTP. In this case, the FTP FTCHKCMD
user exit could be used for additional authorization and control.

The FTCHKCMD exit is a little tricky, since it gives you a bunch of
parameters that have to be put together in order to resolve to a file,
dataset, or directory name.
There are several vendors with "managed file transfer" products that use
these exits and map FTP file transfer authorities to SAF/RACF profiles.
The ones that I know of are FTP WatchDog/Z, VitalSigns for FTP, and Zen FTP
Control.

If the above assumption is NOT true (which is unfortunately not that
uncommon), then using the FTCHKCMD exit might be even more important.

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

PS> Our Co:Z SFTP product supports IBM FTP-compatible user exits, and
therefore also works with most customer or vendor FTP exits. Co:Z is free
to use; enterprise license and support agreements are also available.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
