XYGATE Access Control Reference Manual
Chapter 2. Configuring XAC
XYPRO Technology Corporation 40 Proprietary and Confidential
In Example 2 above:
a) the local alias "bryan" (not BRYAN)
b) the alias "bryan" on any node in the network
c) any local alias beginning with the uppercase characters WIRE-
d) any remote alias beginning with the uppercase characters WIRE-
e) local WIRE-blh
f) network WIRE-blh
g) aliases beginning with WIRE- from nodes beginning with \N1
h) WIRE-blh remote from the \DATA node
i) aliases beginning with three characters and ending in -WIRE from node \DATA
j) aliases beginning with some character followed by two numbers and ending in -WIRE from node \DATA
Notice that node names within the quotation marks can also be wildcarded with a
trailing asterisk (*). Also, remember that the HP NonStop will always upshift node
names, so they must always be uppercase within the quotation marks.
2.7.3 ACLGROUPs
ACLGROUP entries allow profiling of users by job function. For example, you may
want to allow certain operators to perform some of the tasks of SUPER group
members. To do this you can create an ACLGROUP named $PRIVILEGED, which will
include both the SUPER group and the privileged operators.
ACLGROUPs must be defined at the beginning of the ACACL file before any rules.
ACLGROUPs can be used almost anywhere that you would use a userid or alias as an
argument to a keyword in XAC. Refer to the Sample ACACL File in Appendix C1 on
page 123.
Syntax:
ACLGROUP <$ACLGROUP-name> [ [\Node.]<Group Name>.<User Name> ]
                          [ [\Node.]<Group Number>,<User Number> ]
                          [ NETUNDERLYING:[\Node.]<Group Name>.<User Name> ]
                          [ NETUNDERLYING:[\Node.]<Group Number>,<User Number> ]
                          [ UNDERLYING:<Group Name>.<User Name> ]
                          [ UNDERLYING:<Group Number>,<User Number> ]
                          [ ALIAS:"[\NODE.]<alias>" ]
                          [ <existing $ACLGROUP-name> ]
Example:
ACLGROUP $SUPER \*.255,*                      ! \*.SUPER.*
                NETUNDERLYING:\*.SUPER.SUPER  ! all aliases underlying \*.255,255
                CHANGE.ADMIN                  ! 250,255
                alias:"change-admin"          ! alias underlying CHANGE.ADMIN
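
An added example, not taken from the manual or from XYPRO: a Python check that classifies each member of one ACLGROUP definition against the syntax forms above. It flags a lowercase node name inside ALIAS quotation marks and a reference to a $ACLGROUP that does not exist yet. It assumes prefixes are case-insensitive, members are separated by whitespace, and "!" starts a comment, as the example above suggests; lint_aclgroup, known_groups and the two constructed sample lines are hypothetical.

```python
import re

# Member forms from the manual's ACLGROUP syntax. Assumptions (not from the
# manual): prefixes are case-insensitive and "*" may stand in for any field.
NODE = r"(?:\\[A-Za-z0-9*]+\.)?"               # optional \Node. prefix
NAME = r"[A-Za-z0-9*-]+\.[A-Za-z0-9*-]+"       # <Group Name>.<User Name>
NUM = r"(?:\d+|\*),(?:\d+|\*)"                 # <Group Number>,<User Number>
FORMS = [
    ("netunderlying", re.compile(rf"(?i)NETUNDERLYING:{NODE}(?:{NAME}|{NUM})")),
    ("underlying", re.compile(rf"(?i)UNDERLYING:(?:{NAME}|{NUM})")),
    ("alias", re.compile(r'(?i)ALIAS:"(?:\\[^."]+\.)?[^"]+"')),
    ("aclgroup", re.compile(r"\$[A-Za-z0-9-]+")),
    ("userid", re.compile(rf"{NODE}(?:{NAME}|{NUM})")),
]
ALIAS_NODE = re.compile(r'(?i)ALIAS:"(\\[^."]+)\.')

def lint_aclgroup(text, known_groups=()):
    """Classify the members of one ACLGROUP definition; return findings too."""
    tokens = []
    for line in text.splitlines():
        tokens += line.split("!", 1)[0].split()    # "!" starts a comment
    if len(tokens) < 2 or tokens[0].upper() != "ACLGROUP" or tokens[1][0] != "$":
        raise ValueError("expected: ACLGROUP <$ACLGROUP-name> ...")
    name, members, findings = tokens[1], [], []
    for tok in tokens[2:]:
        kind = next((k for k, rx in FORMS if rx.fullmatch(tok)), None)
        if kind is None:
            findings.append(f"{tok}: matches no ACLGROUP member form")
            continue
        members.append((kind, tok))
        if kind == "aclgroup" and tok not in known_groups:
            findings.append(f"{tok}: not an existing ACLGROUP at this point")
        node = ALIAS_NODE.match(tok) if kind == "alias" else None
        if node and node.group(1) != node.group(1).upper():
            findings.append(f"{tok}: node name inside quotes must be uppercase")
    return name, members, findings

# First four member lines are the manual's example; the last two are constructed.
SAMPLE = r'''
ACLGROUP $SUPER \*.255,*          ! \*.SUPER.*
  NETUNDERLYING:\*.SUPER.SUPER    ! all aliases underlying \*.255,255
  CHANGE.ADMIN                    ! 250,255
  alias:"change-admin"            ! alias underlying CHANGE.ADMIN
  alias:"\data.WIRE-blh"          ! constructed: lowercase node name
  $OPERATORS                      ! constructed: group not defined earlier
'''

if __name__ == "__main__":
    print(*lint_aclgroup(SAMPLE)[2], sep="\n")
```

Pass the names of ACLGROUPs already defined earlier in the ACACL file as known_groups so that only forward or misspelled references are reported.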