XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix C: The ACACL File
XYPRO Technology Corporation 170 Proprietary and Confidential
The above example would keep the "License" command from being executed by
anyone using the FUP-SUPER ACACL Command Entry.
Example:
COMMAND SCF-DEV
DESCRIPTION "SCF that doesn't allow you to touch production lines"
USER 255,255
OBJECT $SYSTEM.SYSNN.SCF
ACL $DEV
FC# FCPROMPT "> "
OPENSBYOBJECTS $SYSTEM.SYS*.SCF*
REXP_ALLOWDENY
DENYCMD ".*\$ATL[A-Z0-9]{1,3}.*"
DENYCMD ".*\$ATM[A-Z0-9]{1,3}.*"
ALLOWCMD ".*"
The above example uses the REXP_ALLOWDENY keyword to indicate that all of the
DENYCMDs in the ACACL Command Entry will be specified as regular expressions.
Example:
COMMAND SCF-DEV
DESCRIPTION "SCF that doesn't allow you to touch production lines"
USER 255,255
OBJECT $SYSTEM.SYSNN.SCF
ACL $DEV
FC# FCPROMPT "> "
OPENSBYOBJECTS $SYSTEM.SYS*.SCF*
DENYCMD ">LOCK"
DENYCMD RE:".*\$ATL[A-Z0-9]{1,3}.*"
DENYCMD RE:".*\$ATM[A-Z0-9]{1,3}.*"
ALLOWCMD "*"
The above example uses the RE: syntax to indicate that the argument to a specific
DENYCMD is a regular expression.
Note: You must have XAC’s FC, FC# or FC? keyword set when using the DENYCMD
and ALLOWCMD keywords. Otherwise, the user can circumvent a restriction by
deliberately misspelling the denied command and using the OBJECT program’s
Fix Command (FC) capability to reconstruct the denied command without XAC
being able to filter it.
C25: DEVICEINFO_REPLY
This keyword controls the value that is returned when a DEVICEINFO call is made
against the XAC process. This keyword deals with DEVICEINFO calls made to the
XAC .#IN subdevice.
Syntax:
DEVICEINFO_REPLY <Type> <Subtype> <Record length>
Example:
DEVICEINFO_REPLY 46 0 0