Switch Profiles

Exit Point Manager's Switch Profiles function allows you to customize Exit Point Manager authorizations for network access requests.

For example, you might use switch profiles in the following situation:

User POWERUSER initiates an incoming FTP request. The POWERUSER profile normally has IBM i authority to change or delete almost any file on the system, and to run most commands using the FTP RMTCMD facility. Because you want to limit the ability of POWERUSER to run FTP requests, you tell Exit Point Manager to switch to another user ID, called READONLY, whenever POWERUSER runs FTP. The READONLY user ID has *USE authority to IBM i files, which allows read-only access to the files and prevents POWERUSER from making any file modifications.

Creating a Switch Profile

You probably have user profiles on your system that you can use as a switch profile. However, if you decide to create new user profiles to be used as Exit Point Manager Switch Profiles, use the following guidelines.

NOTE: The switch profile function is not allowed on the file server. If the file server exit program swaps to another user and does not swap back to the original user, the file server session continues to operate as the user that originally connected to the session. This is because the host file server and IBM i NetServer obtain credential information for the user who made the initial connection to the session and use this credential information when performing client requests. Because the host file server and IBM i NetServer use this credential information, any user profile swap performed in the file server exit program is not used by the file server for file system operations.

 
