Switch Profiles

Exit Point Manager's Switch Profiles function allows you to customize Exit Point Manager authorizations for network access requests.

For example, you might use switch profiles in the following situation:

User POWERUSER initiates an incoming FTP request. The POWERUSER profile normally has IBM i authority to change or delete almost any file on the system, and to run most commands using the FTP RMTCMD facility. Because you want to limit the ability of POWERUSER to run FTP requests, you tell Exit Point Manager to switch to another user ID, called READONLY, whenever POWERUSER runs FTP. The READONLY user ID has *USE authority to IBM i files, which allows read-only access to the files and prevents POWERUSER from making any file modifications.

Note: When you specify a switch profile, all subsequent actions performed in that FTP session are performed using the switch profile until the user performs another FTP function. Then, Exit Point Manager switches back and performs the next function as the original user.

For example:

  • User Bill makes a request to PUT (perform a SENDFILE) a file to the IBM i. Since a rule exists to switch profiles whenever a SENDFILE function is performed, the FTP PUT is switched to run under the user profile POWERUSER.
  • All subsequent commands run during Bill's FTP session run under the profile POWERUSER, not Bill.
  • As soon as Bill performs another FTP function (such as CHGCURLIB or GET), Exit Point Manager changes the job to run as Bill.

 
