XYGATE Access Control Reference Manual

Appendix C: The ACACL File
XYPRO Technology Corporation, Proprietary and Confidential
C85: TRACKUSERID
This keyword specifies that when an interprocess message, such as a prompt,
CONTROL, SETMODE, or write, is received from the OBJECT program, the
XYGATEAC process will switch its userid to that of the OBJECT program’s process.
This tracks the userid (CAID) of the OBJECT program (usually a TACL) so that
commands such as <<LOG are always executed as the OBJECT program’s userid,
whatever that userid is.

Note: In general, do not use TRACKUSERID to start a PROGID’d OBJECT program.
For example, if you were to PROGID EDIT and then set up an XAC ACACL
COMMAND to start the PROGID’d EDIT with TRACKUSERID, the XYGATEAC
process would adopt the userid of the PROGID’d EDIT and allow you to <<RUN
other programs as that userid.

TRACKUSERID follows the CAID of the one process that XAC started directly, which
is the OBJECT program. It does not follow secondary processes started by the OBJECT
program. When the CHANGEUSER_TO / CHANGEUSER_FROM keywords are in use,
the TACL (OBJECT program) will change userids (PAIDs) as allowed by the
CHANGEUSER keywords. These userid changes do not change the CAID. Only a
user who actually knows and enters a userid’s true password (or gets to a privileged
userid such as 255,255 or *,255) will be able to change the CAID of the TACL. If
TRACKUSERID is in use, then that CAID userid will be the one that XAC uses to
determine the CHANGEUSER_FROM userid.

Example:

COMMAND AUDITED-TACL
    DESCRIPTION "GENERAL TRACKER"
    USER GROUP,USER
    OBJECT $SYSTEM.SYSNN.TACL
    ACL *.* ALIAS:"*"
    TIMEOUT 1800
    STOPONERROR 66,140,190,191
    CHECKCONNECTION 500 50
    OPENSBYOBJECTS \*.$*.*.*
    BLANKPASSWORD
    RESTART
    TRACKUSERID

The TRACKUSERID keyword cannot follow volume changes made within a macro. In
order to ensure that XAC can follow the VOLUME commands within a macro, you
should add the VOLMAC macro to your TACLLOCL file by adding the following line:

    Run $<vol>.<subvol>.VOLMAC

where $<vol>.<subvol> represents the XYGATEAC location on your system.
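
One way to review an ACACL for the combination the Note above warns against, as an added example (not XYPRO code and not part of the manual). It assumes the entry layout of the manual's example (a COMMAND line followed by one keyword per line) and a reviewer-supplied list of PROGID'd object files; the PRIV-EDIT entry and $DATA.TOOLS.EDIT are constructed sample values.

```python
# Added audit sketch (not XYPRO code). Assumed layout: a COMMAND line opens an
# entry and each following line holds one keyword, as in the manual's example.
SAMPLE_ACACL = """\
COMMAND AUDITED-TACL
  DESCRIPTION "GENERAL TRACKER"
  USER GROUP,USER
  OBJECT $SYSTEM.SYSNN.TACL
  TRACKUSERID
COMMAND PRIV-EDIT
  DESCRIPTION "CONSTRUCTED SAMPLE ENTRY"
  USER GROUP,USER
  OBJECT $DATA.TOOLS.EDIT
  TRACKUSERID
"""
# Constructed sample: object files the reviewer has found to be PROGID'd.
PROGID_OBJECTS = {"$DATA.TOOLS.EDIT"}


def parse_acacl(text):
    """Return {command name: {KEYWORD: [values]}} for every COMMAND entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts:
            continue  # blank line
        keyword = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "COMMAND":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(keyword, []).append(value)
    return entries


def risky_trackuserid(entries, progid_objects):
    """Names of entries that pair TRACKUSERID with a PROGID'd OBJECT program."""
    progid = {name.upper() for name in progid_objects}
    findings = []
    for name, keywords in entries.items():
        objects = [v.split()[0].upper() for v in keywords.get("OBJECT", []) if v]
        if "TRACKUSERID" in keywords and any(o in progid for o in objects):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in risky_trackuserid(parse_acacl(SAMPLE_ACACL), PROGID_OBJECTS):
        print(f"{name}: TRACKUSERID on a PROGID'd OBJECT; review this entry")
```

Object names are compared as written, so an OBJECT given with a node prefix or wildcard needs to be normalised before it is checked against the PROGID list.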