XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

241

242

243

244

245

246

247

248

249

250

XYGATE

Access Control Reference Manual

Appendix C: The ACACL File

XYPRO Technology Corporation 220 Proprietary and Confidential

C91: USER_SWITCH

By default, when a process creates another process, the created process inherits the

PAID and LOGONNAME of the creator. On the other hand, XYGATEAC uses the

userid specified next to the USER keyword when XYGATEAC creates a process, but it

may not use the userid as LOGONNAME. This depends on the USER_SWITCH

values.

The USER_SWITCH keyword modifies the manner in which XYGATEAC changes

userids. The change is necessitated by the expanded use of file sharing groups in both

Guardian and OSS. This also means that the logon name will follow the ACL USER

entry for LOGON and PRIVLOGON. The USER_SWITCH can be defined in ACCONF,

ACACL or both files.

If the USER_SWITCH is present in both ACCONF and ACACL files, then the value in

XAC COMMAND entry in ACACL file will overrule the ACCONF.

There are four USER_SWITCH options:

1. SWITCH

2. LOGON

3. PRIVLOGON

4. SAFEGUARD_PRIVLOGON

Syntax:

USER_SWITCH { SWITCH | LOGON | PRIVLOGON | SAFEGUARD_PRIVLOGON }

The default value is SWITCH.

Table 5: USER_SWITCH Values (ACACL)

USER_SWITCH Values

Environment Requirements/

Created Process Attributes

SWITCH LOGON PRIVLOGON SAFEGUARD_

PRIVLOGON

Safeguard setting PASSWORD-

REQUIRED must be OFF?

NO YES NO NO

XAC USER argument can be an

alias

YES YES NO YES

FILE-SHARING groups supported

NO YES YES YES

XAC created process has

LOGONNAME of creating process

YES NO NO NO

XAC Object must have PRIV-

LOGON ON Diskfile attribute

NO NO NO YES

When configuring the USER_SWITCH keyword, keep in mind the following points: