XCOM equivalent for RSECURP=('*','*','*') in Netview FTP
search cancel

XCOM equivalent for RSECURP=('*','*','*') in Netview FTP

book

Article ID: 416764

calendar_today

Updated On:

Products

XCOM Data Transport - z/OS

Issue/Introduction

Replacing Netview FTP with XCOM for transfers between Z/OS partners.

In a transfer request, Netview FTP allows specification of RSECURP=('*','*','*') which causes the userid, password and group ID of the requesting user to be passed to the remote system. The password and group ID are retrieved from RACF

Is there an equivalent functionality with XCOM?

Resolution

By default, XCOM passes the userid of the requestor to the remote system. However, it is not able to retrieve the password from RACF.  About group ids, XCOM does not deal with them at all. It just impersonates userids and the impersonated userid gets its default group ID as per its RACF definition.

What can be done is to have the remote XCOM impersonate the local userid at the remote MVS without using a password. This would work in a way similar to RSECURP=('*','*','*') except for group IDs. This result may be achieved using the trusted access feature described at Set Up Trusted Access Security section of the XCOM documentation

The requestor of the transfer needs to specify the following SYSIN01 parameters:

  • Don't specify USERID nor PASSWORD so that the local userid is passed to the partner
  • TRUSTED=Y to request trusted access processing at the partner

The following needs to be setup at the remote partner

  • An enabled destination setting overrides for default parameters when processing transfers from the local partner
  • The destination member needs to specify TRUSTID=user where 'user' matches the userid that requested the transfer. Note that a destination member may specify multiple TRUSTID statements

When the remote XCOM receives a request with TRUSTED=Y, it will try to match the userid specified in the request (which matches the userid who requested the transfer) with any of the TRUSTID entries in the destination member associated with the initiating partner. If a match is found the transfer will be accepted and the userid will be impersonated without using a password.

If no match is found, if there is no enabled destination associated with the initiating partner, or if the destination does not have any TRUSTID entries, the transfer will fail and error message XCOMM0463E ERROR SETTING REMOTE USER ID: TRUSTED ACCESS DENIED will be returned to the initiating partner

NOTE: The TRUSTID parameter may be specified as TRUSTID=user1,user2. In tis case, the incoming userid will be matched with 'user1' but 'user2' will be impersonated and used to process the transfer

Powered by Wolken Software