XYGATE Access Control Reference Manual
Chapter 3. Node-Conditional Processing in the ACACL File
XYPRO Technology Corporation. Proprietary and Confidential.
Example 1 shows how to simplify things if, due to a merger, the ID used to administer
security is different on some nodes. In this situation, you can use an ACLGROUP with
node-conditionals to designate the appropriate IDs on each node. If you then use the
ACLGROUPs in FOGROUPs, PCGROUPs, HEGROUPs, etc., you can be sure that
the security rules are equivalent, regardless of the actual ID in use on a particular
node. This will also make things easier when you eventually transition to using a
single, standard ID for all nodes. At that time, you will only need to alter the
ACLGROUPs, not all the rules for the various XYGATE products.
Example 2: Conditional Within ACLGROUP
ACLGROUP $SUPER
TECH.HARI
TECH.SAMI
#IF @NODE = "\DEV"
PROG.*
#ENDIF
Most XYGATE products include ACLGROUPs in their ACACL file. In Example 2
above, the $SUPER ACLGROUP will include members of the PROG user group when
on a node named \DEV. The ACLGROUP on any other node will not include the
PROG group.
Finally, entire commands can be included as conditional text. In Example 3 below, the
XAC COMMAND named SCF-DEV will only be available on the \DEV node. It will not
be available on any other node.
Example 3: ACACL Conditional Command
#IF @NODE = "\DEV"
COMMAND SCF-DEV
USER SUPER.SUPER
OBJECT $SYSTEM.SYSTEM.SCF
ACL $SUPER
FC? FCPROMPT "> "
OPENSBYOBJECTS $*.*.SCF*
$*.ZTCP*.*
ALLOWCMD "EXIT"
ALLOWCMD "HELP"
ALLOWCMD "Y"
ALLOWCMD "STOP $ATMTST"
ALLOWCMD "START $ATMTST"
ALLOWCMD "ABORT $ATMTST"
ALLOWCMD "ALTER $ATMTST"
ALLOWCMD "STATUS $ATMTST"
DENYCMD *
#ENDIF
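Added example, not part of the XYGATE manual and not XYPRO code: a small Python review helper that resolves the #IF @NODE = "..." / #ENDIF blocks used in Examples 2 and 3 and reports which ACACL lines are in force on only some nodes. It assumes blocks are never nested and that node names compare case-insensitively; \PROD is a hypothetical node name and the sample text is constructed from the examples above.

```python
import re

# Not XYGATE's own parser: handles only the #IF/#ENDIF forms shown on this page.
IF_RE = re.compile(r'^#IF\s+@NODE\s*=\s*"([^"]+)"$')
ENDIF_RE = re.compile(r'^#ENDIF$')

def effective_lines(acacl_text, node):
    """Return (line_number, text) pairs in force on `node` (case-insensitive)."""
    kept, open_if = [], None          # open_if: node named by the open #IF
    for lineno, raw in enumerate(acacl_text.splitlines(), 1):
        line = raw.strip()
        m = IF_RE.match(line)
        if m:
            if open_if is not None:
                raise ValueError(f"line {lineno}: nested #IF not handled")
            open_if = m.group(1)
        elif ENDIF_RE.match(line):
            if open_if is None:
                raise ValueError(f"line {lineno}: #ENDIF without #IF")
            open_if = None
        elif line.startswith("#"):    # fail closed on any other directive
            raise ValueError(f"line {lineno}: unrecognized directive {line!r}")
        elif line and (open_if is None or open_if.upper() == node.upper()):
            kept.append((lineno, line))
    if open_if is not None:
        raise ValueError("unterminated #IF block")
    return kept

def node_only_lines(acacl_text, nodes):
    """For each node, the lines in force there but not on every listed node."""
    views = {n: effective_lines(acacl_text, n) for n in nodes}
    common = set.intersection(*(set(v) for v in views.values()))
    return {n: [text for ln, text in v if (ln, text) not in common]
            for n, v in views.items()}

# Constructed sample: Example 2 plus an abridged Example 3 from this page.
SAMPLE = r'''ACLGROUP $SUPER
TECH.HARI
TECH.SAMI
#IF @NODE = "\DEV"
PROG.*
#ENDIF
#IF @NODE = "\DEV"
COMMAND SCF-DEV
ACL $SUPER
#ENDIF
'''

if __name__ == "__main__":            # \PROD is a hypothetical node name
    print(node_only_lines(SAMPLE, [r"\DEV", r"\PROD"]))
```

Lines are compared by position as well as text, so an entry that appears both inside and outside a conditional block is still reported as node-specific.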
In Example 4 below, members of the $DBA ACLGROUP can manage the databases
on both the development and production nodes. On production nodes, volume names
begin with $S1D, while on the development nodes, the names begin with $D1V.
Example 4: OSACL Conditional Command
OSGROUP SECURE-DATABASE-DISKS
DESCRIPTION "Databases reside on $DATAnn disks on Prod; $DISCnn on Dev"