XYGATE Access Control Reference Manual
Appendix C: The ACACL File
XYPRO Technology Corporation 216 Proprietary and Confidential
C86: TRACKUSER_OBJECT
This keyword extends the functionality of TRACKUSERID to subordinate programs
started within a session.
The TRACKUSERID keyword tracks userid changes for the object specified in the
ACACL entry. Unfortunately, when XAC is used to secure a dynamic TCP/IP
Safeguard session, the program started is “LOGON,” which terminates as soon as it
starts the TACL. That means that TRACKUSERID effectively fails because the
program it was tracking, “LOGON,” is gone.
With the addition of the TRACKUSER_OBJECT keyword, an additional object
program, such as $SYSTEM.SYSNN.TACL, can be tracked. With this new keyword,
TRACKUSERID will not look at the top-level object; instead, when an object on
the TRACKUSER_OBJECT list is opened by XYGATEAC, it will watch that process for
userid changes until that process goes away.
Only the first open by a TRACKUSER_OBJECT is used.
Example:
COMMAND SGETACL
DESCRIPTION "SAFEGUARD STARTED XAC TACL"
USER GROUP,USER
OBJECT $SYSTEM.SYSTEM.LOGON
ACL $EVERYONE
OPENSBYOBJECTS \*.$*.*.*
START_LOGGED_OFF
BLANKPASSWORD
STOPONERROR 140,190,191,60,66
TRACKUSERID
TRACKUSER_OBJECT $SYSTEM.SYSNN.TACL
In this example, the LOGON program starts the TACL program and then disappears.
Because of the TRACKUSER_OBJECT keyword, the TRACKUSERID function will be
applied to TACL.
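
The following is an added example, not part of the manual or of XYGATE: a small offline check that flags ACACL entries where TRACKUSERID is set on a LOGON object but no TRACKUSER_OBJECT is given, which is the gap described above. It assumes each entry starts with a COMMAND line and carries one keyword per line, as in the example entry; the SGETOLD entry and the function names are constructed for illustration.

```python
# Added example: lint ACACL text for TRACKUSERID on LOGON without TRACKUSER_OBJECT.
# Assumption: an entry starts at a COMMAND line, one keyword per line (as in the manual's example).

# Constructed sample: the first entry mirrors the manual's example, the second is invented.
SAMPLE_ACACL = """\
COMMAND SGETACL
  DESCRIPTION "SAFEGUARD STARTED XAC TACL"
  OBJECT $SYSTEM.SYSTEM.LOGON
  START_LOGGED_OFF
  TRACKUSERID
  TRACKUSER_OBJECT $SYSTEM.SYSNN.TACL
COMMAND SGETOLD
  DESCRIPTION "CONSTRUCTED ENTRY WITHOUT TRACKUSER_OBJECT"
  OBJECT $SYSTEM.SYSTEM.LOGON
  TRACKUSERID
"""


def parse_entries(text):
    """Split ACACL text into entries; each keyword maps to a list of its values."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        keyword = keyword.upper()
        if keyword == "COMMAND":
            entries.append({"command": value.strip(), "keywords": {}})
        elif entries:
            entries[-1]["keywords"].setdefault(keyword, []).append(value.strip())
    return entries


def untracked_logon_entries(entries):
    """Return commands whose TRACKUSERID would follow only the short-lived LOGON program."""
    findings = []
    for entry in entries:
        kw = entry["keywords"]
        objects = kw.get("OBJECT", [])
        starts_logon = any(o.upper().rsplit(".", 1)[-1] == "LOGON" for o in objects)
        has_target = any(kw.get("TRACKUSER_OBJECT", []))  # empty value counts as missing
        if "TRACKUSERID" in kw and starts_logon and not has_target:
            findings.append(entry["command"])
    return findings


if __name__ == "__main__":
    for name in untracked_logon_entries(parse_entries(SAMPLE_ACACL)):
        print(f"{name}: TRACKUSERID on LOGON without TRACKUSER_OBJECT")
```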