XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix A: The ACCONF File
XYPRO Technology Corporation 116 Proprietary and Confidential
3. PRIVLOGON
When USER_SWITCH is set to PRIVLOGON, file sharing groups are supported for
Guardian userids, but not Safeguard aliases. PASSWORD-REQUIRED does not have
to be set to OFF. The USER keyword in the ACACL COMMAND can be set to a userid
but not to a Safeguard alias.
Environment Requirements / Created Process Attributes PRIVLOGON
Safeguard setting PASSWORD-REQUIRED must be off? NO
XAC USER argument in ACACL can be an alias NO
FILE-SHARING groups supported YES
XAC created process has LOGONNAME of creating process NO
XAC Object must have PRIV-LOGON ON Diskfile attribute NO
Example 1: XAC Command Entry - USER argument is a user
COMMAND test
USER ROLE.SECMGR ! userid is 223,24
ACL $EVERYONE
OBJECT $SYSTEM.SYSNN.TACL
START_LOGGED_ON
USER_SWTICH PRIVLOGON
QUIET
INPUT "#OUTPUT [#PROCESSINFO /LOGONNAME/], USER: [#PROCESSINFO/PAID/]"
INPUT "SETPROMPT NONE"
PROMPT "'(',PAID,')'"
Example 2: Logon as a user and execute above XAC Command
$VIK IK 48> #OUTPUT [#PROCESSINFO/LOGONNAME/], USER:[#PROCESSINFO/PAID/]
XYPRO.IK, USER:222,52
$VIK IK 49> XAC test
ROLE.SECMGR, USER: 223,24
(223,24)3>
4. SAFEGUARD_PRIVLOGON
When USER_SWITCH is set to SAFEGUARD_PRIVLOGON, XAC can take
advantage of the Safeguard PRIV-LOGON functionality available beginning with
Safeguard releases H06.11 and G06.32.
When USER_SWITCH is set to SAFEGUARD_PRIVLOGON, XAC will behave as if it
were set to LOGON; that is, if the USER keyword is an alias, the program started by
the COMMAND will run as the alias.
Environment Requirements / Created Process Attributes SAFEGUARD_PRIVLOGON
Safeguard setting PASSWORD-REQUIRED must be off? NO
XAC USER argument in ACACL can be an alias YES
FILE-SHARING groups supported YES
XAC created process has LOGONNAME of creating process NO
XAC Object must have PRIV-LOGON ON Diskfile attribute YES