XYGATE Access Control Reference Manual

Introduction
XYPRO Technology Corporation. Proprietary and Confidential.
Special Purpose TACLs
There are two kinds of special purpose TACLs. The first lets users perform all their
functions under a TACL running as a different userid, without the user knowing the
password to that userid. This approach is most commonly used when the operating
environment requires a single defined userid to perform all the tasks. One example is
an environment built on the assumption that PROD.OWNER will start and stop the
PATHWAY environment. In that case, the operations environment generally gives the
PROD.OWNER password to every operator who may have to start and stop the
PATHWAY, leading to a total lack of accountability.
Using this special purpose TACL to obtain access to a specific userid restores
accountability: each user is given his or her own userid and is then allowed access to
the special purpose TACL. Because the XAC session audits the user's own userid,
each action taken with the special purpose TACL can be accounted for.
Example:
COMMAND TACL-PROD-OWNER
OBJECT $SYSTEM.SYSNN.TACL
USER PROD.OWNER
ACL $OPERS
NULLNULLSTOP
BLANKPASSWORD
START_LOGGED_ON
DONOTSTOP \*.$*.*.*
TIMEOUT 1800 PASSWORDTIMEOUT 600
VERIFYUSER $OPERS
OPENSBYOBJECTS \*.$*.*.*
FC FCPROMPT "> "
ALIAS "OBEY" ">OBEY"
ALIAS "O " ">OBEY "
ALIAS "O$" ">OBEY $"
ALIAS "O\" ">OBEY \"
TRACKVOLUME
ALIAS_ALL_PROCESSES
The second kind of special purpose TACL is an XAC TACL that executes a macro.
This might be needed when the macro must run under a specific userid and may
need to be run by many different individuals.
Example:
COMMAND START-MACRO-1
DESCRIPTION "APPLICATION START MACRO"
USER PROD.OWNER
OBJECT $SYSTEM.SYSNN.TACL
ACL $OPERS
START_LOGGED_ON
STARTUP ""
INPUT "XAC_RUN_MACRO -EXIT -PLAIN $WORK.OPER.APPSTRT~;#SET #EXIT 1"
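An added example, not part of the XYGATE manual or product: a small Python review script that reads entries in the layout shown above and reports which commands run as which userid and which ACL groups may use them. It assumes each entry starts at a COMMAND line with one keyword at the start of each line; the function names, the sample text (constructed from the two entries above) and the macro/interactive label keyed on XAC_RUN_MACRO are this example's own.

```python
from collections import defaultdict

# Constructed sample: a subset of the two entries shown on this page.
SAMPLE_XACACL = r'''
COMMAND TACL-PROD-OWNER
OBJECT $SYSTEM.SYSNN.TACL
USER PROD.OWNER
ACL $OPERS
START_LOGGED_ON
TIMEOUT 1800 PASSWORDTIMEOUT 600
VERIFYUSER $OPERS
COMMAND START-MACRO-1
DESCRIPTION "APPLICATION START MACRO"
USER PROD.OWNER
OBJECT $SYSTEM.SYSNN.TACL
ACL $OPERS
START_LOGGED_ON
INPUT "XAC_RUN_MACRO -EXIT -PLAIN $WORK.OPER.APPSTRT~;#SET #EXIT 1"
'''

def parse_entries(text):
    """Split text into entries; each starts at a COMMAND line (assumed layout)."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        keyword, _, rest = line.partition(" ")
        if keyword == "COMMAND":
            current = {"COMMAND": rest.strip(), "ACL": [], "INPUT": None}
            entries.append(current)
        elif current is None:
            continue  # ignore anything before the first COMMAND
        elif keyword == "ACL":
            current["ACL"].extend(rest.split())
        elif keyword in ("USER", "OBJECT", "INPUT"):
            current[keyword] = rest.strip()
    return entries

def access_review(entries):
    """Map each target userid to (command, kind, ACL groups) tuples."""
    review = defaultdict(list)
    for e in entries:
        kind = "macro" if "XAC_RUN_MACRO" in (e["INPUT"] or "") else "interactive"
        review[e.get("USER", "<no USER line>")].append((e["COMMAND"], kind, sorted(e["ACL"])))
    return dict(review)

if __name__ == "__main__":
    for user, grants in access_review(parse_entries(SAMPLE_XACACL)).items():
        for command, kind, acl in grants:
            print(f"{user}: {command} ({kind}) usable by {', '.join(acl) or 'nobody listed'}")
```

Keywords other than COMMAND, USER, OBJECT, ACL and INPUT are skipped, so the report covers only who can act as which userid.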