Authorities for MFT to access file systems

For any file transfer request, the Managed File Transfer agent processes require some level of access to their local file systems.

• To transfer from a source file, the user ID that the source agent runs under must have read access to the source file. Additionally, you might need to give the source agent delete or write authority depending on the source disposition attribute.
• To transfer to a file or directory, the user ID that the destination agent runs under must have write authority to the specified path. Additionally, you might need to give the destination agent update authority, depending on the destination exists attribute.
• In addition to the file access authority that you grant to the agent process, we can also use sandboxing to specify and enforce a restricted file path area. For more information, see MFT sandboxes.
• If the files that we want to transfer to or from are not in a location accessible to the agent, for example a VSAM data set or in a location that is restricted by the sandboxing capability, we can use Managed File Transfer user exits to move the file to or from a location that can be accessed by the agent. For more information, see Customizing MFT with user exits.

Parent topic: Managed File Transfer security reference