XYGATE Compliance PRO (XSW) Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

201

202

203

204

205

206

207

208

209

210

XYGATE

Compliance PRO

™

Reference Manual

Chapter 11. Access Analysis Mapping

XYPRO Technology Corporation 185 Proprietary and Confidential

11.4 XOS Access Analysis

Access Mapping for XOS can be performed on any collection from a node that

includes any volumes (not necessarily all volumes) and has the XOS Authorization

SEEP installed. During the load of such a collection, the OSCONF and OSACL files

are expanded and loaded into a database.

Note: All relevant disks (or all disks) must be included in the collection. Without the file

information, the access mapping is meaningless.

Only files that match masks in FOGROUPs are included in the output. To evaluate

access to Guardian files that are not under the protection of XOS, you must use the

Guardian Access Analysis queries.

To determine if XOS would grant the access, you must examine the selection criteria,

the PROCESS_AS keywords, and the sequence of each of the returned FOGROUPs.

The “What-if” function of XOS is the true test of a user’s access to specific files.

Note: XSW does not replicate the “What-if” function of XOS. The access map returned

is simply a list of files to which the user may have access, based on the file

masks and presence of the userid or alias in each FOGROUP’s ACL.

The output grid will include some or all of the following columns (shown in alphabetical

order):

Accesses

The combined list of the accesses granted to the user, for example (R,W)

ACLGROUP

The name of the ACLGROUP. The individual members of any ACLGROUP

will be expanded as described in section 11.4.1 on page 187.

ACL_Name

The actual name used in the ACL:

Individual or wild-carded userid or alias

ACLGROUP

UNDERLYING: or NETUNDERLYING:

OBJECT_OWNER_GROUP.OBJECT_OWNER_USER

OBJECT_OWNER_GROUP.*

ACL_No

The number sequence of the ACL_Name within the FOGROUP’s ACL. If

there are 4 entries in the ACL, the sequence numbers will be 1 to 4. The

order is important when determining the actual access that XOS will grant at

runtime.

ACL_Type

This column appears in the ACLGROUP output. The ACL_Type explains

how the expanded userids were derived:

A = specified or expanded Alias

U = specified or expanded user

S = A placeholder for an expansion, such as \*.*,255 or sup*

X = A subordinate ACLGROUP that is referenced

Alias Name

Alias name, if applicable

FileName

Filename