XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

171

172

173

174

175

176

177

178

179

180

XYGATE

Access Control Reference Manual

Appendix C: The ACACL File

XYPRO Technology Corporation 149 Proprietary and Confidential

C5: ALIAS

This keyword is used to convert a command input by an user or an input-file ("from") to

a different command ("to"). This allows the XYGATEAC manager to define

abbreviations for a subsystem or change a subsystem’s internal OBEY command to

XAC’s <<OBEY command.

ALIAS processing uses the multiple command separator defined using the

MULTIPLECOMMANDSEP keyword. There are a maximum of 1,000 ALIAS

commands permitted for all ACACL Command Entries with a maximum of 20,000

characters, and 40 ALIAS entries allowed for any one ACACL Command Entry with a

maximum of 1,000 characters.

When an input string is checked for ALIAS matches, the check is performed from the

beginning of the command input by the user for the exact length of the string in the

ALIAS keyword. This means that partial information may be entered. For example,

PURGEDATA and PURGE both match "PURGE", but only PURGE matches "PURGE "

(note the extra space between the E and the final quotation mark).

ALIAS will not process information embedded in the command. For example, a search

on AUDIT will match "AUDITPROG" and "AUDIT_OUTPUT_COUNT", but will not

match "NOAUDIT".

Multiple spaces will be condensed to one space for matching considerations. For

example, "AL 100" will be mapped to "AL 100" for the comparison.

When the program being executed through XAC supports multiple commands on a

line, such as EDIT or SQLCI, the multiple command separator needs to be specified

using the MULTIPLECOMMANDSEP keyword so that ALIAS processing can be

applied to each separate command on the line.

Note: The order of evaluation of commands is ALIAS, %parameters, FKEY,

ALLOWCMD / DENYCMD, COMMANDESC and RUNCHECK. All ALIAS entries

in the ACACL Command Entry will be processed before any other checking is

performed. Also, an ALIAS’d command is not subject to

ALLOWCMD/DENYCMD checking at all.

Syntax:

ALIAS "<from>" "<to>"

Example:

COMMAND SECURE-TACL

DESCRIPTION "Translate OBEY to XYGATEAC >OBEY"

ACL \*.*.*

USER GROUP,USER

OBJECT $SYSTEM.SYSNN.TACL

NULLNULLSTOP

START_LOGGED_OFF

FC FC? FCPROMPT "> "

ALIAS "OBEY"">OBEY"

ALIAS "O"">OBEY"

Note: Whenever ALIAS is used, the FC keyword and

either FC# or FC?

keyword should also be used

to preserve security. Refer to the DENYCMD

description on page 169 for more information.