XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix C: The ACACL File
XYPRO Technology Corporation 154 Proprietary and Confidential
<<CONFIG and <<LOCK. No other XAC internal commands can be used, but the
ALLOWCMD "*" at the end of the ALLOW/DENY list allows all other commands not
explicitly mentioned to be executed.
Example 2:
COMMAND FUP-255
DESCRIPTION "FUP as SUPER.SUPER no PURGE allowed."
USER 225,255
OBJECT $SYSTEM.SYSNN.FUP
FC#
ALLOWCMD "PURGEDATA"
DENYCMD "PURGE"
ALLOWCMD "E"
ALLOWCMD ">CONFIG"
ALLOWCMD ">LOCK"
DENYCMD ">"
ALLOWCMD "*"
Example 3 below uses the REXP_ALLOWDENY to specify that all of the ALLOWCMD
and DENYCMD specifications are regular expressions.
Example 3:
COMMAND FUP-LICENSE-DEV
USER SUPER.SUPER
OBJECT $SYSTEM.SYSNN.FUP
ACL $DEVEL
REXP_ALLOWDENY
ALLOWCMD "(INFO|EXIT)"
ALLOWCMD "LICENSE \$DEV[0-9]{1,2}\.S470\.*"
ALLOWCMD "REVOKE \$DEV[0-9]{1,2}\.S470\.*"
DENYCMD ".*"
Example 4 below uses the RE: syntax to specify that the argument immediately
following it is a regular expression.
Example 4:
COMMAND FUP-LICENSE-DEV
USER SUPER.SUPER
OBJECT $SYSTEM.SYSNN.FUP
ACL $DEVEL
ALLOWCMD "INFO"
ALLOWCMD "EXIT"
ALLOWCMD RE:"LICENSE \$DEV[0-9]{1,2}\.S470\.*"
ALLOWCMD RE:"REVOKE \$DEV[0-9]{1,2}\.S470\.*"
DENYCMD ".*"
Note: A list of ALLOWCMD entries or a mixed list of ALLOWCMD and DENYCMD
entries implicitly denies all commands that are not permitted. You can make this
more evident by adding either DENYCMD ".*" or ALLOWCMD ".*" at the end of
the list. By adding DENYCMD ".*" to the end of the list of ALLOWCMD and
DENYCMD entries, you make clear that all commands not explicitly allowed are
denied. By adding ALLOWCMD ".*" to the end of the list, you make clear that all
commands not explicitly denied are allowed.
Note: Ctrl+Y (EOF) is not affected by either ALLOWCMD or DENYCMD.