XYGATE Access Control Reference Manual

Appendix C: The ACACL File
XYPRO Technology Corporation 138 Proprietary and Confidential
C3: ACACL Command Entries
The COMMAND keyword defines the name of an XAC ACACL Command Entry and
must be the first line of the entry. Three more keywords are required to minimally
define an ACACL Command Entry: USER, OBJECT and ACL (starting on page 141).
The DESCRIPTION keyword is optional but highly recommended.
The syntax for the COMMAND keyword is the following:
Syntax:
    COMMAND <command-name>
        DESCRIPTION "<string>"
        USER <NonStop Kernel-userid>
        OBJECT <objectfile-name>
        ACL <userid-list> [DENY <userid-list>]
        [<optional-keywords>]
COMMAND <command-name>
An ACACL Command Entry in the ACACL file defines the name you use to execute an
XAC command along with its required object code filename, which NonStop Kernel
userid it runs as, who is allowed to execute it, and all of its other attributes, including
batch or interactive inputs. There may be up to 2,000 ACACL Command Entries, each in
the format shown in the syntax above.
Note: With the exception of having the keyword COMMAND first, the order of optional
keywords (DESCRIPTION and others) and the required keywords (OBJECT,
USER and ACL) for any Command Entry is arbitrary. No specific spacing is
required. All examples are shown with spacing and indentation to make them
easier to read.
Where:
<command-name>
    The user-defined name of the XAC ACACL Command Entry being defined.
    The ACACL Command Entry name can be up to 31 characters long and can
    consist of letters, numbers and dashes.
<objectfile-name>
    Any valid network or local form of an HP NonStop object filename.
<NonStop Kernel-userid>
    This can be either the GROUPNAME.USERNAME or the groupnum,usernum
    (between 0,1 and 255,255) of a userid. If it is of the form
    GROUPNAME.USERNAME, it must be a currently valid userid. If it is of
    the form groupnum,usernum, it need not be an existing userid. The
    special keywords GROUP and USER can be used to represent the group
    number of the current user or the user number of the current user,
    respectively.
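
An added example, not part of the XYGATE manual or product: a small Python linter that checks Command Entries against the rules stated above (COMMAND first, required USER, OBJECT and ACL, command-name format, USER userid form, 2,000-entry limit). It assumes one keyword per line and that GROUP and USER stand in for the number in the groupnum,usernum form; the sample entries, including the ACL value, are constructed.

```python
import re

REQUIRED = ("USER", "OBJECT", "ACL")                  # required besides COMMAND
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,31}")           # letters, numbers, dashes; max 31
NAMED_RE = re.compile(r"[A-Za-z0-9]+\.[A-Za-z0-9]+")  # GROUPNAME.USERNAME
NUM_RE = re.compile(r"(\d{1,3}|GROUP)\s*,\s*(\d{1,3}|USER)")  # groupnum,usernum

def userid_ok(value):
    """Check only the form of a USER value (a named userid's existence is not checked)."""
    if NAMED_RE.fullmatch(value):
        return True
    m = NUM_RE.fullmatch(value)
    if not m:
        return False
    # Assumption: GROUP / USER stand in for the matching number of the current user.
    g, u = (None if p in ("GROUP", "USER") else int(p) for p in m.groups())
    in_range = all(n is None or n <= 255 for n in (g, u))
    return in_range and (g, u) != (0, 0)   # numeric range starts at 0,1

def lint_acacl(text):
    """Return a list of (command-name, problem) findings for an ACACL text."""
    entries, findings = [], []
    for raw in text.splitlines():
        key, val = (raw.split(None, 1) + ["", ""])[:2]
        if key == "COMMAND":               # COMMAND opens a new entry
            entries.append((val.strip(), {}))
        elif key and entries:              # keyword order inside an entry is arbitrary
            entries[-1][1].setdefault(key, val.strip())
        elif key:
            findings.append(("<none>", f"{key} before any COMMAND"))
    if len(entries) > 2000:
        findings.append(("<file>", "more than 2,000 Command Entries"))
    for name, kw in entries:
        if not NAME_RE.fullmatch(name):
            findings.append((name, "invalid command name"))
        findings += [(name, f"missing {r}") for r in REQUIRED if not kw.get(r)]
        if kw.get("USER") and not userid_ok(kw["USER"]):
            findings.append((name, "malformed USER userid"))
    return findings

# Constructed sample: one well-formed entry and one that breaks three rules.
SAMPLE = """\
COMMAND fup-super
  DESCRIPTION "Run FUP as the super ID"
  USER 255,255
  OBJECT $SYSTEM.SYSTEM.FUP
  ACL OPS.ALICE
COMMAND bad_name
  USER 256,1
"""
```

Calling lint_acacl(SAMPLE) returns findings only for the second entry; an entry with no ACL line is worth flagging in review because ACL is the keyword that states who may execute the command.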