XYGATE Access Control Reference Manual

Introduction
XYPRO Technology Corporation xxiv Proprietary and Confidential
Individual XAC Command Entry
An individual XAC Command Entry is designed to start a Guardian utility, third-party
application or user-supplied program with the PAID of a specified userid. Each entry
names the object file to be executed and restricts who can execute the Command
Entry. Additional keywords can be used to control other aspects, such as the
subcommands that can be executed, timeouts and auditing.
Example:
COMMAND SCF-255
OBJECT $SYSTEM.SYSTEM.SCF
USER 255,255
ACL $SUPER $SECURITY
TIMEOUT 900
OPENSBYOBJECTS $SYSTEM.SYSTEM.Z???SCF
MULTIPLECOMMANDSEP ;
This command will execute the Guardian utility SCF with a PAID of 255,255. Any
user who is a member of the defined $SUPER or $SECURITY ACLGROUPs can use
this command. After 900 seconds (15 minutes) of inactivity, XAC will terminate
command execution.
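The following review aid is an added example, not code from the manual or from XYPRO. It parses Command Entries in the layout shown above and reports entries that lack OBJECT, USER or ACL, or that run as the super ID without a TIMEOUT or a subcommand restriction. It assumes one keyword and value per line, assumes that a subcommand restriction appears as a keyword beginning with ALLOWCMD (the manual names ALLOWCMD but this page does not show its syntax), and uses a constructed second entry, EDIT-OPS, as incomplete input.

```python
# Added example: review aid for XAC Command Entries (not XYPRO code).
# Assumption: one "KEYWORD value" pair per line; an entry starts at COMMAND.
SUPER_IDS = {"255,255", "SUPER.SUPER"}  # both forms name the Guardian super ID

# First entry is the manual's example; EDIT-OPS is constructed and incomplete.
SAMPLE = """\
COMMAND SCF-255
OBJECT $SYSTEM.SYSTEM.SCF
USER 255,255
ACL $SUPER $SECURITY
TIMEOUT 900
OPENSBYOBJECTS $SYSTEM.SYSTEM.Z???SCF
MULTIPLECOMMANDSEP ;
COMMAND EDIT-OPS
OBJECT $SYSTEM.SYSTEM.EDIT
USER 200,10
"""

def parse_entries(text):
    """Return {command name: {KEYWORD: value}} for each COMMAND block."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        keyword = keyword.upper()
        if keyword == "COMMAND":
            current = entries.setdefault(value.strip(), {})
        elif current is not None:
            current[keyword] = value.strip()
    return entries

def review(entry):
    """List review findings for one parsed entry."""
    findings = [f"missing {k}" for k in ("OBJECT", "USER", "ACL") if k not in entry]
    if entry.get("USER", "").upper() in SUPER_IDS:
        if "TIMEOUT" not in entry:
            findings.append("super ID without TIMEOUT")
        # Assumption: subcommand control shows up as an ALLOWCMD* keyword.
        if not any(k.startswith("ALLOWCMD") for k in entry):
            findings.append("super ID without ALLOWCMD restriction")
    return findings

def review_all(text):
    return {name: review(e) for name, e in parse_entries(text).items()}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE).items():
        print(name, "->", findings or "ok")
```

A finding is a prompt for the reviewer to confirm intent, for example that unrestricted SCF subcommands under 255,255 are really required for the ACLGROUPs named in the entry.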
Design Your Own XAC ACACL Command Entry
There are four data items that are the basis of every Command Entry:
1. What program is being run?
2. What userid will the program run as?
3. Who needs to execute this entry?
4. Is control over the commands within the program required?
For example, if a request came in to make SCF available to the development staff in
order to reset the test lines for an ATM application, the answers might be:
1. SCF which gives you the name of the OBJECT to be run
2. SUPER.SUPER which gives you the USER argument
3. DEV.* which gives you the ACL argument
4. Yes - Only commands that affect lines $DEV1 and $DEV2 can be used, which
defines an ALLOWCMD set.
These answers could lead to the following Command Entry:
COMMAND SCF-DEV
DESCRIPTION "ALLOWS DEVELOPERS TO RESET LINES"
USER SUPER.SUPER
OBJECT $SYSTEM.SYSTEM.SCF
ACL DEV.*
FC? FCPROMPT "> "