Manualshelf

XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
141142143144145146147148149150
XYPRO Technology Corporation 121 Proprietary and Confidential
Appendix B: The ACCONFCO File
The ACCONFCO (XYGATEAC Company Configuration) is an optional edit file and is
kept in the same volume and subvolume as the XYGATEAC object file. The
ACCONFCO file contains the configuration options that determine what userid
limitations will be enforced on the USER keyword in the ACACL file.
The ACCONFCO file can be used to allow the delegation of XAC maintenance to
subordinate security administrators. The ACCONFCO file, which is owned and
maintained by the master security administrator, imposes limits on the range of userids
that the subordinate security administrators can use with the USER keyword in the
ACACL Command Entry file. For example, if the overall HP NonStop security
administrator works with two completely separate business units, the individual
administrators for the two units can be given their own individual XAC installations that
use the ACCONFCO file to prohibit access to both SUPER.SUPER and to the other
business unit’s userids and aliases. This file can contain one or more of the following
options:
AUDIT <filename> [DETAIL] [INVOKE] [CRITICAL] [EXT(pri,sec,max)] [NO_ROLL_MSGS]
AUDIT <$process-name> [CONSOLEPRINT] [CRITICAL] [DETAIL] [EMS] [INVOKE]
AUDIT <IP-process-name> IP <address[:port]> [DETAIL] [INVOKE] [CRITICAL]
[SYSLOG_PREFIX "<134> <normal text>"]
[SYSLOG_CRITICAL_PREFIX "<130> <critical text>"]
and
USER_ACL <userid list>
B1: Sample ACCONFCO File
AUDIT $AUDIT.XYGATEAC.MASTER INVOKE DETAIL
USER_ACL BUS1.* OPER.* SUPER.BUS1 ALIAS:"B-*"
B2: AUDIT File Considerations
For audit file creation and rollover behavior in XAC, refer to section 7.1 starting on
page 63.
B3: AUDIT (Process Name)
This keyword determines the audit file specifications when a process name is defined.
Refer to Appendix A4:AUDIT (Process Name).”