Example 1: Rejecting All Transactions Except a Specific Transaction

Suppose your company security policy prohibits the use of FTP. However, your accounting associate needs to download the accounts receivable file into an MS Excel spreadsheet. To accommodate this transaction, but prohibit all others, you can capture and memorize the individual transaction, and configure a rule that permits it alone while rejecting all others.

NOTE: In order for these steps to work, the server being used for the transaction (in this case *FTPCLIENT) must be active and enabled. See Activating Exit Point Manager.

Rejecting all transactions except a specific transaction

  1. Select option 1 from the Exit Point Manager Main Menu to display the Work with Security by Server panel. Enter SP next to *FTPCLIENT to display the Change Server Function Rule panel. Enter a Y next to Capture to turn on the Capture Transactions filter rule property for the FTP client server.

  2. Have the accounting associate download the accounts receivable file. Based on the current configuration, Exit Point Manager will allow the transaction and capture it. For this example, we'll assume Bill has downloaded the file "ACCTREC" using the FTP client server's RECVFILE (get) function.
  3. Press F3 until you return to the Main Menu.
  4. Choose option 10 to open the Work with Captured Transactions panel.
  5. Press F16 to display the Subset panel. Filter the captured transactions by the server name *FTPCLIENT.

  6. Press Enter to view the transactions. In this case, two FTP transactions were required in order for Bill to download the ACCTREC file: the INIT function required to initialize the FTP session, and the RECVFILE function called to download the file. In order to permit Bill to download the file in the future, both of these transactions must be memorized and allowed. Then, to prevent all other users from downloading the file, the *PUBLIC rule for the FTP Client server must be set to *REJECT.

  7. Enter 1 next to the RECVFILE transaction and press Enter.

  8. Ensure the Authority is set to *OS400, in order to allow the transaction, and press Enter to save your changes.
  9. Repeat steps 7-8 for the INIT transaction. You've now created rules that allow Bill to download the accounts receivable file. However, Bill, or any other user, still has access to all the *FTPCLIENT server functions. Next, we will configure Exit Point Manager to reject all other transactions coming through the *FTPCLIENT server by setting the *PUBLIC user rule to *REJECT.
  10. Press F3 to return to the Main Menu and select option 1, Work with Security by Server.
  11. Type UA next to *FTPCLIENT and press Enter to open the Work with Security by User panel.
  12. Enter 2 to change the *PUBLIC rule.
  13. Change the Authority for *PUBLIC to *REJECT and set Capture to * (to stop capturing transactions).
  14. Press Enter. Now, only the two transactions specified will be allowed on the FTP client server (*FTPCLIENT). All others will be rejected.
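
The following is an added example, not part of the product or its documentation: a simplified Python model of the rule set this procedure produces, useful for checking which captured transactions will start failing once *PUBLIC is set to *REJECT. It assumes an exact memorized match takes precedence over the *PUBLIC rule; the Transaction record layout, the user ALICE and the file PAYROLL are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    user: str
    server: str
    function: str
    data: str  # constructed stand-in for the captured transaction string

BILL_INIT = Transaction("BILL", "*FTPCLIENT", "INIT", "")
BILL_GET = Transaction("BILL", "*FTPCLIENT", "RECVFILE", "ACCTREC")

# Steps 7-9: both of Bill's transactions memorized with Authority *OS400.
MEMORIZED = {BILL_INIT: "*OS400", BILL_GET: "*OS400"}

# Constructed capture log: the two transactions above plus traffic that was
# never memorized (user ALICE and file PAYROLL are made up for illustration).
CAPTURED = [
    BILL_INIT,
    BILL_GET,
    Transaction("BILL", "*FTPCLIENT", "RECVFILE", "PAYROLL"),
    Transaction("ALICE", "*FTPCLIENT", "INIT", ""),
    Transaction("ALICE", "*FTPCLIENT", "RECVFILE", "ACCTREC"),
]

def decide(txn, memorized, public_authority="*REJECT"):
    """Assumed order: an exact memorized match wins, otherwise *PUBLIC applies."""
    return memorized.get(txn, public_authority)

def uncovered(captured, memorized):
    """Captured transactions with no memorized rule; these fall to *PUBLIC."""
    return [t for t in captured if t not in memorized]

if __name__ == "__main__":
    for t in CAPTURED:
        print(f"{t.user:6} {t.function:9} {t.data:8} -> {decide(t, MEMORIZED)}")
    # Forgetting step 9 (INIT) leaves Bill unable to start an FTP session.
    without_init = {BILL_GET: "*OS400"}
    print("INIT not memorized:", decide(BILL_INIT, without_init))
```

Running the uncovered() check against the real captured list before step 13 shows which legitimate transactions still need to be memorized.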