Users from Remote Hosts

When a user at a remote host requests access to the local host through a distributed systems service, the system

  • Searches the local USERDATAFILE for entries enabling the requesting usercode/host name combination to access the local host.

  • Grants the remote user system access only if an appropriate usercode/host name entry appears in the USERDATAFILE of your system.

The USERDATAFILE on your system must include an appropriate REMOTEUSER entry for the requested access to be granted. Refer to Network Security and Cryptography Services for detailed information.

This requirement applies unless the requested operation is a station transfer to the local host. A remote user requesting a station transfer is required to enter a usercode and password on the local system. The system searches the USERDATAFILE only for a corresponding usercode/password entry.

In a station transfer, the host to which the remote user's station is attached is not relevant to that user's access privileges on the local host.

Status of Remote Users

Any special access rights granted to a remote user in the local USERDATAFILE give that user the same status as a user on the local host with those access rights.

For example, a remote user who is designated Privileged User (PU) has exactly the same rights on the local host as a local user with privileged-user status.

Status of Remote Code Files

The privileged status of a code file that has been named in an MP (Mark Program) system command with the PU option does not extend across a BNA network to a remote host.

A privileged code file can perform certain operations, such as creating and removing disk files stored under another usercode, reading and writing files of another user, and invoking selected operating system control interfaces, only on the host where the program is running.

A privileged program has no special privileges when accessing files on a remote host.

System Command Access

The system command AT (At Remote Host) enables you to send system commands to remote hosts.

You can use the syntax AT <host name> <system command> in

  • CANDE

  • MARC

  • DCALGOL DCKEYIN commands

A remote user designated as a SYSTEMUSER on a host has the same access to system commands as a user on the local host who is designated as a SYSTEMUSER.

Host Usercode

In most cases, a request to initiate a DISTRIBUTED SYSTEM SERVICE dialog is accompanied by a usercode. Such requests include

  • System commands sent to a remote host with the AT <host name> command

  • File transfers initiated with the Work Flow Language (WFL) COPY statement

  • Job transfers initiated with the WFL START or ?AT <host name> statement

  • Remote tasking operations; that is, tasks defined on remote hosts but initiated from the local host

  • Status change reporting on remote tasks initiated from the local host

  • Logical I/O operations; that is, tasks defined on and initiated from the local host that access files from remote hosts

In each of these situations, the originating system host usercode is appended only if no other usercode is available to accompany the request.

For example, if the TERM (Terminal) system command is used to associate a usercode with an ODT, any AT <host name> request initiated at that terminal runs on the remote host under the usercode associated with the ODT, not under the host usercode.

Similarly, if the request initiates from a MARC or CANDE session, the usercode associated with the session is used at the local host.

If a remote request does have a usercode associated with it but the usercode is not defined in the USERDATAFILE of the local host, the request is denied; the host usercode associated with the remote request is not used.

You can use the HU (Host Usercode) system command

  • To designate a usercode for a host

  • To define the usercode in a REMOTEUSER entry and in a USER entry at that host

Station Transfer

Station transfer is invoked with the CONNECT command in CANDE or MARC.

This command transfers a local station to a remote host. A transferred station acts as if it were connected directly to the remote host.

With station transfer, the remote user must log on to the remote host. Any access rights that the user enjoys on the remote host are dictated entirely by the remote host.

For example, a remote user has privileged-user status only if it is granted for his or her usercode in the USERDATAFILE of the remote host.

Remote Users with the AUTOSTAXFER Service

You can enable automatic log on at a remote host by creating a remote MCS window. The name of the Transaction Server window (such as CANDE, MY_DCI_WINDOW, and so forth) to which you want the user to have access through the remote MCS window is entered in the Remote Window Name field. This enables users to have default access to the window specified in the Remote Window Name field on the remote host defined in the Hostname or Domain Name field.

When the user enters the ?ON command, the user is logically connected and logged on to the remote host and a dialog opened to the Transaction Server window specified in the Remote Window Name field.

The station's current usercode, accesscode, and chargecode are used to log on to the remote host. Local aliasing of the usercode applies at the remote host. For example, given the following USERDATA Remote User entry, the user currently logged on as HOSTAUSER is logged on HOSTB as GUEST. 

RU HOSTAUSER OF HOSTA LOCALALIAS = GUEST
            SERVICE = AUTOSTAXFER

The USERDATA Remote User attribute SERVICE must have the value AUTOSTAXFER to automatically log on at the remote host and inherit the remote window name.

Automatic log-on to a remote Transaction Server provides seamless access to that Transaction Server and maximizes the use of existing resources within a system network.

Prev  Up  Next
Access Control Features  Home  Restriction of Remote Hosts