XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix A: The ACCONF File
XYPRO Technology Corporation 115 Proprietary and Confidential
2. LOGON
When USER_SWITCH is set to LOGON, file sharing groups are completely supported.
PASSWORD-REQUIRED must be set to OFF in Safeguard. The USER keyword in the
ACACL entry can be set to a userid or a Safeguard alias. If it is set to an alias, the
COMMAND will actually run as the alias.
Environment Requirements / Created Process Attributes LOGON
Safeguard setting PASSWORD-REQUIRED must be off? YES
XAC USER argument in ACACL can be an alias YES
FILE-SHARING groups supported YES
XAC created process has LOGONNAME of creating process NO
XAC Object must have PRIV-LOGON ON Diskfile attribute NO
Example 1: XAC Command Entry where USER argument is an alias
COMMAND test
USER ALIAS:”super-super-alias” ! underlying userid is 255,255
ACL $EVERYONE
OBJECT $SYSTEM.SYSNN.TACL
START_LOGGED_ON
USER_SWTICH LOGON
QUIET
INPUT "#OUTPUT [#PROCESSINFO /LOGONNAME/], USER: [#PROCESSINFO/PAID/]"
PROMPT "'(',PAID,')'"
Example 2: Logon as a user and execute above XAC Command
$VIK IK 40> #OUTPUT [#PROCESSINFO/LOGONNAME/], USER:[#PROCESSINFO/PAID/]
XYPRO.IK, USER:222,52
$VIK IK 41> XAC test
super-super-alias, USER: 255,255
(255,255)3>
Example 3: XAC Command Entry where USER argument is a user
COMMAND test
USER 255,255
ACL $EVERYONE
OBJECT $SYSTEM.SYSNN.TACL
START_LOGGED_ON
USER_SWTICH LOGON
QUIET
INPUT "#OUTPUT [#PROCESSINFO /LOGONNAME/], USER: [#PROCESSINFO/PAID/]"
PROMPT "'(',PAID,')'"
Example 4: Logon as a user and execute above XAC Command
$VIK IK 45> #OUTPUT [#PROCESSINFO/LOGONNAME/], USER:[#PROCESSINFO/PAID/]
XYPRO.IK, USER:222,52
$VIK IK 46> XAC test
SUPER.SUPER, USER: 255,255
(255,255)3>