XYGATE Compliance PRO (XSW) Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

201

202

203

204

205

206

207

208

209

210

XYGATE

Compliance PRO

™

Reference Manual

Chapter 11. Access Analysis Mapping

XYPRO Technology Corporation 188 Proprietary and Confidential

For the variations on the OBJECT_OWNER_GROUP, OBJECT_OWNER_USER

keyword, (OOG, <number> or <number,>, OOU), the mask will often be $*.*.*. Rather

than include all the files on the system, there will be a single "place holder" row noting

the occurrence of each of these keywords in an FOGROUP’s ACL to indicate that the

selected user has access to his own files regardless of their location or name. To save

space, the keywords are abbreviated to OWNGRP.OWNUSER in the grid.

11.4.2 The XOS Access Queries

The available queries are:

• Files by User

• Subvols by User

• Access to Files

• ACL Masks

• ACLGROUPS

• DOGROUPS

• FOGROUPS

• POGROUPS

To determine if XOS would grant access to files on the list, you must examine the

selection criteria, the PROCESS_AS keywords, and the sequence in which the

FOGROUPs would be processed.

Note: XSW does not replicate the “What-if” function of XOS. It cannot make access

rulings because it cannot take into account runtime selection criteria such as

REQUESTOR or USER or OPERATION. It does not evaluate the

PROCESS_AS keywords that can cause one FOGROUP to be used over

another. The access map returned is simply a list of files the user might have

access to, based on the file masks and presence of the userid or alias in the

FOGROUPs’ ACLs.

Note: The “What-if” function of XOS is the true test of user’s access to specific files.

Note: Only files protected by XOS are included in the results. Files that XOS will not

make a ruling for will not be included in the output.

Files by User Query

Entering a specific (no wildcarding) userid, alias, or ACLGROUP, will return the set of

Guardian files protected by XOS to which the selected user or alias may have access.

There will be a row per file per ACL_NAME. The userids and aliases will be expanded

as described in section 11.4.1, “How User-Related Entries are Expanded in XOS

Queries” on page 187.