Set up the File Service

Attention: This topic applies to a feature that is in Early Adopter Program (EAP) release status. We intend to provide the finalized feature in a future release. Please contact OpenText Support for Micro Focus Products if you require further clarification.

Overview of the setup process

You need to manually configure the file service in ESCWA so that it connects to the Data Tools client, that is, the file editor UI. Currently, the setup supports using remote data servers, not local servers. Enterprise Server default security must be enabled, otherwise the file service will reject any connection attempts.

The process for setting up the file service is as follows:

  1. Open the ESCWA web UI.
  2. Create an RFA (remote file access) listener.
  3. Enable security for the enterprise server region.
  4. Allow user access to the cataloged datasets.

Start Enterprise Server Common Web Administration (ESCWA)

  1. In a web browser, type the URL http://localhost:10086.

    This starts the ESCWA UI in a browser.

  2. Click Native.
  3. In the navigation pane, expand Directory Servers > Default to view existing enterprise server regions.

The following sections assume that an enterprise server region has been created and is visible in ESCWA.

Add an RFA listener

To set up a new listener that communicates with the end-point client:

  1. Go to Directory Servers > Default > <RegionName>. Ensure that the region is not running.
  2. Click General > Listeners.
  3. Expand Communications Process 1 to view all listeners.
  4. Select New Listener in the Listener Properties page.
  5. In the Name field, type the name you want to assign to the listener, for example, RFA.
    Note: The listener name cannot be the same as the name of the region.
  6. In the Port field, enter the port number you intend to use.
    Note: The hostname and/or IP address can be set to localhost and 127.0.0.1 respectively to limit access to the service to the local machine, which provides additional security. If localhost is not specified, you should enable TLS, otherwise user credentials and file details will be transmitted unencrypted across the network.
  7. Select RFA in the Conversation Type section.
  8. If you want to define a TLS enabled file service listener:
    1. Click TLS Settings.
    2. Check Enable TLS.
    3. Type the location of the CA certificate into the Certificate File field.
    4. Type the location of the private key into the Keyfile field.
  9. Click Save.

    The new RFA listener is displayed under Communications Process 1.

Enable security for the enterprise server region

The enterprise server region security must be configured. In addition, you must ensure that a user has the correct permissions; you can do this by creating a new user or edit the permissions of an existing user.

First, verify that security is enabled for the region:

  1. In ESCWA, select your enterprise server region in the navigation pane.
  2. Click General > Security to open the Region Security Facility Configuration page.
  3. Ensure that the option Use Default Security Facility Configuration is checked.

Configure the user permissions

Next, configure the user to enable access.

  1. In ESCWA, click Security.
  2. In the navigation pane, go to ESCWA Configuration > VSAM ESM > Users.
  3. If editing the permissions of an existing user, click (Edit) to open the Properties window. Alternatively, you can create a new user and configure their permissions. To create a new user:
    1. Click New.
    2. In the Account Id field, enter an account name. In this instance, we will use the account ID RFAUSER for demonstration purposes.
    3. In the Password field, type a suitable password.
  4. Under Groups, check #AllUsrs.
  5. Click Save.

Now, you must configure the permissions of the user of the datasets in the data repository.

  1. Go to ESCWA Configuration > VSAM ESM > Resources.
  2. Expand DATASET, and select the datasets(s) that the user should be allowed to access.

    This opens the Resource Options page which allows you to set access rules for the chosen dataset.

  3. In the ACL field, type allow:<AccountId>:alter. As an example, for the user RFAUSER, you would type allow:RFAUSER:alter.

    This allows the user to view and modify the region's catalog. Alter access is required for the editor to open datasets.

  4. Click Apply.
  5. Click DATASET in the navigation pane.
  6. Click New Resource.
  7. In the Name field, type <RegionName>.<AccountId>.
  8. In the ACL field, type allow:<AccountId>:alter, and click Save.

    The class is added to the list of resources and you can view the permissions in the Description column. The region is ready for access via the file service API.

  9. To start the region, click Directory Servers > Default > <RegionName>, and click (Start).