XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

201

202

203

204

205

206

207

208

209

210

XYGATE

Access Control Reference Manual

Appendix C: The ACACL File

XYPRO Technology Corporation 173 Proprietary and Confidential

C29: ECHOINPUT

This keyword will echo the input sent to a program to the output file. This command is

useful for batch XAC commands where you want the complete input file on the output

record.

Example:

COMMAND BIG-BATCH-FILE

DESCRIPTION "EXECUTES EVENING BATCH RUN"

USER APP.OWNER

OBJECT $SYSTEM.SYSNN.TACL

ACL $OPERS

ECHOINPUT

INPUT "XAC_RUN_MACRO $WORK.OPER.STRTBTCH %1 %2 %3"

INPUT "XAC_RUN_MACRO $WORK.OPER.NETRUN %1 %4 %5"

With the ECHOINPUT keyword set, the commands that occur with the parameters %1,

%2, etc. substituted with the correct values will be written to the output file as well as

executed.

C30: EMS_CRITICAL_IF_DENIED

This keyword causes XAC to set the critical flag on an EMS audit message that reports

an attempt by a user to execute a command within this ACACL Command Entry for

which the user has not been authorized. This keyword only applies when at least one

of the AUDIT entries points to EMS. Having the critical flag set can affect the behavior

of some EMS management products.

Syntax:

EMS_CRITICAL_IF_DENIED { ON | OFF }

Example:

COMMAND FUP-LICENSE

DESCRIPTION "FUP FOR DEVELOPERS"

USER SUPER.SUPER

OBJECT $SYSTEM.SYSNN.FUP

ACL $DEVEL

ALLOWCMD RE:"LICENSE \$DEV[0-9]{1,2}\.APPS\..*"

ALLOWCMD RE:"REVOKE \$DEV[0-9]{1,2}\.APPS\..*"

ALLOWCMD "INFO"

ALLOWCMD "EXIT"

EMS_CRITICAL_IF_DENIED ON

In this example, the EMS_CRITICAL_IF_DENIED flag is set to ON, so that any time a

user attempts to access a command for which he or she is not authorized, the audit

message written to EMS will have the critical flag set.

This value overrides that of the EMS_CRITICAL_IF_DENIED keyword in the ACCONF

file.