XYGATE Access Control Reference Manual
XYGATE
®
Access Control Reference Manual
Appendix C: The ACACL File
XYPRO Technology Corporation 205 Proprietary and Confidential
C72: REXP_ALLOWDENY
This keyword permits the use of regular expressions in ALLOWCMD and DENYCMD
arguments. Without this keyword, the arguments to ALLOWCMD and DENYCMD must
conform to "begins with" rules.
Example:
COMMAND SCF-DEV-LINES
DESCRIPTION "SCF COMMAND TO MANAGE DEV. ATMS"
USER SUPER.COMLINES
OBJECT $SYSTEM.SYSTEM.SCF
ACL $DEVEL
OPENSBYOBJECTS \*.$*.*.*
REXP_ALLOWDENY
ALLOWCMD "ABORT.*$DEV[0-9]{1,2}"
ALLOWCMD "STATUS.*$DEV[0-9]{1,2}"
ALLOWCMD "START.*$DEV[0-9]{1,2}"
ALLOWCMD "EXIT"
This example allows members of the $DEVEL group to ABORT, STATUS or START
devices with a name that begins with $DEV and is followed by one or two numeric
characters.
Note that the equivalent functionality can be achieved by omitting the
REXP_ALLOWDENY keyword and prefixing each ALLOWCMD with RE: as in the
following example:
Example:
COMMAND SCF-DEV-LINES
DESCRIPTION "SCF COMMAND TO MANAGE DEV. ATMS"
USER SUPER.COMLINES
OBJECT $SYSTEM.SYSTEM.SCF
ACL $DEVEL
OPENSBYOBJECTS \*.$*.*.*
ALLOWCMD RE:"ABORT.*$DEV[0-9]{1,2}"
ALLOWCMD RE:"STATUS.*$DEV[0-9]{1,2}"
ALLOWCMD RE:"START.*$DEV[0-9]{1,2}"
ALLOWCMD "EXIT"
This example above provides the same list of commands that are allowed as the first
example, but they are specified using RE: on each line containing a regular
expression.
C73: RUN_UNTIL_CLOSED
This keyword tells XAC to continue to run even after the program named in OBJECT
has stopped until all subordinate programs that were started have stopped. Without
this keyword, the XAC program would terminate itself, causing the appropriate 60, 66
and 201 errors to be sent to the subordinate programs that had been started.
Note that this can cause XYGATEAC to persist for quite a while after the session’s
OBJECT ended if some long running program such as MEASURE or PATHMON was
started from the session.