XYGATE Compliance PRO (XSW) Reference Manual
Chapter 11. Access Analysis Mapping
XYPRO Technology Corporation 198 Proprietary and Confidential
11.8.2 ACLGROUPS Query
The ACLGROUPS query returns a list of all the ACLGROUPs in the ACACL file. There
will be a line per ACL entry. If the ACL entry is an ACLGROUP, there will be a row for
each userid and/or alias in the ACLGROUP. Likewise, the UNDERLYING and
NETUNDERLYING entries will generate a row for each alias with the indicated
underlying ID. Refer to section 11.4.1, “How User-Related Entries are Expanded in
XOS Queries” on page 187.
The ACL_Types are:
A - A specified or expanded alias. An expanded alias is the result of the UNDERLYING or
    NETUNDERLYING keywords, or of a wild-carded ALIAS entry such as ALIAS:"sup-*".
U - A specified or expanded userid. An expanded userid is the result of wildcarding
    userids, such as SUPER.*.
S - A placeholder in the ACLGROUP for an expansion, such as \*.*,255, NETUNDERLYING:
    or UNDERLYING.
X - A subordinate ACLGROUP referenced within the current ACLGROUP.
The Permission column will always contain "ALLOW" unless the NOT or DENY
keyword is present in an ACLGROUP. This is the only query that will show you users
who are excluded from a wild-carded user set. In other queries, such as Userlist by
Command, excluded users will simply not be included in the grid because they are not
allowed to run the particular command.
11.8.3 ALLOW/DENY by Command Query
This query returns a list of users affected by any ALLOWCMD entries. It returns XAC
COMMANDs that allow access to commands within the utility designated by the
OBJECT keyword. There will be a row per user in the Command’s ACL.
The Permission Column will show ALLOW or DENY.
• If the ALLOWCMD argument is not a regular expression wildcard, the argument
(command) is put in the CMD column and the Re_Modifier column will be empty.
• If the ALLOWCMD argument is a regular expression, the entire regular expression
is put in the Re_Modifier Column and the CMD column will be empty.
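Examples of how an entry in the XAC Command appears in the query columns:

In the XAC Command: ALLOWCMD "PURGE"
  Permission:  ALLOW
  CMD:         PURGE
  Re_Modifier: (empty)

In the XAC Command: ALLOWCMD RE:"^(INFO|EXIT)"
  Permission:  ALLOW
  CMD:         (empty)
  Re_Modifier: ^(INFO|EXIT)

In the XAC Command: ALLOWCMD RE:"LICENSE \$DEV[0-9]{1,2}\.S470\.*"
  Permission:  ALLOW
  CMD:         (empty)
  Re_Modifier: LICENSE \$DEV[0-9]{1,2}\.S470\.*

In the XAC Command: DENYCMD RE:"^(STAT|STATU|INF|N|NA|NAM|NAME|NAMES).*(SU A|SUB A){1,4}"
  Permission:  DENY
  CMD:         (empty)
  Re_Modifier: ^(STAT|STATU|INF|N|NA|NAM|NAME|NAMES).*(SU A|SUB A){1,4}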
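The column mapping described above, as an added example that is not part of the XYGATE manual or XYPRO's own code: a small Python parser that takes ALLOWCMD/DENYCMD entries and returns the Permission, CMD and Re_Modifier values the query would show for them. The function names and sample entries are constructed for illustration, and the entry syntax is assumed to be exactly the keyword, optional RE: prefix and quoted argument seen in the examples.

```python
import re

# Constructed sample entries, modelled on the examples in this section.
SAMPLE_ENTRIES = [
    'ALLOWCMD "PURGE"',
    'ALLOWCMD RE:"^(INFO|EXIT)"',
    r'ALLOWCMD RE:"LICENSE \$DEV[0-9]{1,2}\.S470\.*"',
    'DENYCMD RE:"^(STAT|STATU|INF|N|NA|NAM|NAME|NAMES).*(SU A|SUB A){1,4}"',
]

# Assumed entry shape: KEYWORD, optional RE: prefix, argument in double quotes.
ENTRY_RE = re.compile(r'^\s*(ALLOWCMD|DENYCMD)\s+(RE:)?"(.+)"\s*$')


def map_entry(entry):
    """Return the Permission, CMD and Re_Modifier columns for one entry."""
    match = ENTRY_RE.match(entry)
    if match is None:
        # Unquoted or unknown entries are rejected rather than guessed at.
        raise ValueError(f"not an ALLOWCMD/DENYCMD entry: {entry!r}")
    keyword, re_prefix, argument = match.groups()
    is_regex = re_prefix is not None
    return {
        "Permission": "ALLOW" if keyword == "ALLOWCMD" else "DENY",
        # A literal command fills CMD; a regular expression fills Re_Modifier.
        "CMD": "" if is_regex else argument,
        "Re_Modifier": argument if is_regex else "",
    }


def regex_entries(entries):
    """Return only the rows whose command is matched by regular expression,
    the ones an auditor has to read pattern by pattern."""
    rows = [map_entry(e) for e in entries]
    return [row for row in rows if row["Re_Modifier"]]


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        row = map_entry(entry)
        print(f'{row["Permission"]:<6} CMD={row["CMD"]!r:<10} '
              f'Re_Modifier={row["Re_Modifier"]!r}')
```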