XYGATE Access Control Reference Manual
Appendix C: The ACACL File
XYPRO Technology Corporation, Proprietary and Confidential
Node names in the ACL keyword can be specified with wildcarding components. The
wildcard characters are:
?    match letter or number
*    match rest of string
@    match any ALPHA character
+    match any NUMERIC character
Example:
COMMAND CHECK-SPOOL
USER 255,255
OBJECT $SYSTEM.SYSNN.TACL
ACL \N1*.255,* ALIAS:"\N1*.Super-*"
FILE $SYSTEM.OBEY.CHECKSPL
An ACACL Command Entry with this ACL definition is available to any Super user from
any node whose name begins with X. If there is no node specified on the ACL
keyword, the ACACL Command cannot be used across the network; only userids
logged on locally can use it.
Syntax:
ACL <userid-list>
Example:
COMMAND BACKUP-SUPER
USER SUPER.OPER
OBJECT $SYSTEM.SYSNN.BACKUP
ACL $OPERS
The ACACL Command Entry in this example permits users defined as members of the
$OPERS ACLGROUP to execute BACKUP as the user SUPER.OPER.
DENY or NOT
The DENY keyword is optional, but it is documented here with the required keywords
because it alters the required ACL keyword. DENY and NOT can be used
interchangeably. DENY followed by a userid-list can be placed at the end of any userid
list and serves specifically to deny access to the ACACL Command Entry to the specified
userids.
Syntax:
DENY <userid-list>
In the example below, all the members of the CONTROL group except
CONTROL.DEV are allowed to execute this command.
Example:
COMMAND COMPILE-PROG
DESCRIPTION "Allow CHG CNTRL to compile"
USER GROUP,USER
OBJECT $SYSTEM.SYSNN.TACL
ACL CONTROL.* DENY CONTROL.DEV
FILE $WORK.CONTROL.COMPIT
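The following Python sketch models the node-name wildcards and the DENY/NOT rule described above, so an ACL line can be checked against sample users before it is deployed. It is an added example, not XYGATE code. The function names, the case-insensitive comparison, and the use of the same wildcards in the group and user components are assumptions, and ALIAS entries and $ACLGROUP names are not handled.

```python
import re

# Wildcard characters from the table above, as regex fragments.
WILDCARDS = {
    "?": "[A-Za-z0-9]",  # one letter or number
    "*": ".*",           # rest of string (expected last in a component)
    "@": "[A-Za-z]",     # one ALPHA character
    "+": "[0-9]",        # one NUMERIC character
}

def wild_match(pattern, value):
    """Match one name component against a wildcard pattern."""
    regex = "".join(WILDCARDS.get(ch, re.escape(ch)) for ch in pattern)
    # Assumption: names compare case-insensitively.
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def split_entry(entry):
    """Split '\\NODE.GROUP,USER' or 'GROUP.USER' into (node, group, user)."""
    node = None
    if entry.startswith("\\"):
        node, entry = entry[1:].split(".", 1)
    group, user = re.split(r"[.,]", entry, maxsplit=1)
    return node, group, user

def entry_matches(entry, group, user, node, local):
    e_node, e_group, e_user = split_entry(entry)
    if e_node is None:
        # No node on the ACL entry: only locally logged-on userids qualify.
        if not local:
            return False
    elif not wild_match(e_node, node):
        # Assumption: a node-qualified entry is compared with the node name
        # the user is logged on to, whether or not that node is the local one.
        return False
    return wild_match(e_group, group) and wild_match(e_user, user)

def acl_allows(acl, group, user, node, local=True):
    """Evaluate '<userid-list> [DENY|NOT <userid-list>]' for one user."""
    allow, deny = [], []
    target = allow
    for token in acl.split():
        if token.upper() in ("DENY", "NOT"):
            target = deny
        else:
            target.append(token)
    def hit(entries):
        return any(entry_matches(e, group, user, node, local) for e in entries)
    return hit(allow) and not hit(deny)
```

The node names passed in (for example N1A) are constructed sample values. Running every ACL line through a check like this with both an expected-allow and an expected-deny user catches a DENY list that does not actually exclude the intended userid.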