Permissions required for DTSCLI Securitymode fail

Document ID : KB000103752
Last Modified Date : 29/06/2018
Show Technical Document Details
Introduction:
Using the DTSCLI command with securitymode=fail to transfer files from one agent to another using the following command:

dtscli -a ipath="<Path to file>" iuser=<username>::<password> rpath="<TargetServer>::"<Path\filename>" ruser=<username>::<password> output_mode=c "f_filters=:CREATE_PATH" "p_filters=BINARY_READ:BINARY_WRITE AES256_ENCRYPT:AES256_DECRYPT" retry_limit=0 throttle=5 

However, the transfer fails with the following error:
CLI0544 Transfer failed: E (390) Security violation: userid or password is not correct. role=Initiator (390). 
Transfer state: FAILED 


Note:
DTSCLI Securitymode configuration policy parameter is present under DSM->Data Transport Service (DTS)->Data Transport Agent Plugin

DTSCLI Securitymode Fail



 
Question:
What permissions are required when the authentication for DTS transfer between agent to agent using the DTSCLI command is set to securitymode=fail?
Environment:
All versions of CA Client Automation
Answer:
For the DTSCLI command to read files from the source, the 'iuser' account on the source needs read permissions.

Similarly, to write on the target, the 'ruser' account needs write permissions.

For the user account to also be able to connect to the machine to initiate anything, log on locally rights are required. 

For more information on the DTSCLI parameters please refer the following link:
https://docops.ca.com/ca-client-automation/14-0/en/reference/dts-command-line-reference/agent-to-agent-transfers