Example: Rejecting All Transactions Except a Specific Transaction

Suppose your company security policy prohibits the use of FTP. However, your accounting associate needs to download the accounts receivable file into an MS Excel spreadsheet. To accommodate this transaction, but prohibit all others, you can capture and memorize the individual transaction, and configure a rule that permits it alone while rejecting all others.

NOTE: In order for these steps to work, the server being used for the transaction (in this case *FTPSERVER) must be active and enabled. See Activating Exit Point Manager.

Rejecting all transactions except a specific transaction

  1. In the Navigation Pane, select Rules, then click and set Search By to User. Click to dismiss the search/filter menu. Enter *PUBLIC into the search field and press Enter. Then, select the *FTPSERVER > *ALL,*PUBLIC rule for a system. This is one of Exit Point Manager's default user rules.

  2. For Capture, select Yes.
  3. Choose Save. You have just told Exit Point Manager to capture a record of all transactions coming through your IBM i system's FTP server.
  4. Have the accounting associate (in this example, Bill) download the accounts receivable file. Based on the rule you've set up, Exit Point Manager will allow and capture the transaction. For this example, we'll assume Bill has downloaded the file "ACCTREC" using the FTP server's SENDFILE (get) function.
  5. In the Navigation Pane, select Captured Transactions.
  6. Click and set Search By to User. Click to dismiss the search/filter menu.
  7. In the search box, for this example, we will type "bill" to show only the transactions by user BILL. 

  8. Select the SENDFILE transaction. In the View Captured Transaction panel, verify the details of the transaction are accurate and choose Memorize.
  9. In the New Memorized Transaction screen, next to the Authority field, click Lookup and choose *OS400. This instructs Exit Point Manager to allow the transaction (deferring to the IBM i security settings). (If you have chosen to memorize this transaction for a specific location, specify both the location and the authority. See New Location Memorized Transaction.)
  10. Set the Status to Active to activate the rule.
  11. Choose Save.
  12. You've now created a rule that allows Bill to download the accounts receivable file. However, Bill, or any other user, still has access to all the FTP server functions. Next we will configure Exit Point Manager to reject all other transactions coming through the FTP server.
  13. Click to open the Navigation Pane, select Rules, then select the *FTPSERVER > *ALL,*PUBLIC user rule.

  14. In the Edit Rule screen, click Lookup for Authority and choose *REJECT. This indicates you want to reject all attempts to use the FTP server. Because of the hierarchy of Exit Point Manager's rule evaluation procedure, this rule will not apply to the transactions you just captured and memorized. On the Rules screen, you may have noticed the new rules with the authority *MEMOS400 (see above). These rules were created when we memorized the captured transactions. *MEMx rules are evaluated after the *PUBLIC rule and, in this example, allow these specific transactions to proceed.
  15. Set Capture back to Inherit.
  16. Choose Save. Now, only the two transactions specified will be allowed on the FTP server. All others will be rejected.