XYGATE Access Control Reference Manual

XYGATE

Access Control Reference Manual

Appendix A: The ACCONF File

XYPRO Technology Corporation 113 Proprietary and Confidential

• If you need the USER in an XAC command to be an alias, you must use SWITCH,

LOGON, or SAFEGUARD_PRIVLOGON. If you choose SWITCH and enter an

alias as the USER, then the command will actually run as the alias’ underlying

userid.

• If your site uses Safeguard FILE-SHARING GROUPS, you must use LOGON,

PRIVLOGON or SAFEGUARD_PRIVLOGON.

• If the userid/alias that is the argument to the USER keyword in an XAC command

is FROZEN, then all methods except for SAFEGUARD_PRIVLOGON can logon to

a frozen or expired user.

• If your company security policy requires that the PASSWORD-REQUIRED

parameter be ON in Safeguard, then you must use SWITCH, PRIVLOGON or

SAFEGUARD_PRIVLOGON.

Example:

USER_SWITCH LOGON

If you need File-sharing and must have PASSWORD-REQUIRED ON, you must use

PRIVLOGON or SAFEGUARD_PRIVLOGON, but you cannot use an alias as the

USER argument if you choose PRIVLOGON.

1. SWITCH

When USER_SWITCH is set to SWITCH, XYGATEAC performs in the same manner it

always has, which does not support file sharing groups. The USER_SWITCH keyword

does not require PASSWORD-REQUIRED to be set to OFF in Safeguard. The USER

keyword in the ACACL entry can be set to a userid or a Safeguard alias, but if an alias

is specified, in actuality the userid underlying the Safeguard alias will be used.

Environment Requirements / Created Process Attributes SWITCH

Safeguard setting PASSWORD-REQUIRED must be off?

XAC USER argument in ACACL can be an alias. If an alias is

specified, the underlying userid will be used

YES

FILE-SHARING groups supported

XAC created process has LOGONNAME of creating process

YES

XAC Object must have PRIV-LOGON ON Diskfile attribute