XYGATE Compliance PRO (XSW) Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

211

212

213

214

215

216

217

218

219

220

XYGATE

Compliance PRO

™

Reference Manual

Chapter 11. Access Analysis Mapping

XYPRO Technology Corporation 199 Proprietary and Confidential

If you want to see a list of all the ALLOW/DENY commands for a particular object file

such as SCF, use the List by Object query. This will return a list of all the commands

that execute the selected object file. There will be a row per user in each COMMAND’s

ACL.

11.8.4 COMMANDS Query

This query returns a list of all the XAC commands in the ACACL file. There will be one

row per COMMAND.

If an asterisk ( * ) is present for items such as the AUDIT settings, the value is

defaulting to that set in the ACCONF file. For example, if a COMMAND does not

contain the keywords INVOKE or DETAIL, the values for these keywords in the

OSCONF are used by XOS and displayed by XSW.

11.8.5 Commands by User Query

This query returns a list of the XAC commands that the selected user(s) can invoke. It

returns a row per user in each command’s ACL that applies to the specified user. You

can select an individual userid, alias or an ACLGROUP. Note that any command with

a wild-carded ACL_Name that matches the selected userid or alias will be included in

the list.

If you search for an individual user or alias, that user number, user name or alias name

will be the ACL_NAME and the ACL_TYPE will always be U or A because all wild-

carded user entries and ACLGROUPs have already been expanded.

If you search for an ACLGROUP, the ACLGROUP will be shown as the ACL_NAME

and the ACL_TYPE will be S, because it is a placeholder for an expansion of the

userids.

Use the Commands by User Query to find all the XAC commands that a given user

can invoke and that members of the selected ACLGROUP can invoke.

Also, note that the ACL_NAME shows the user as entered in the ACACL file. If the

user is entered as a name such as OPER.HERB, that is what will be shown in this

column. If the user is entered as a number such as 240,1, that is what will be shown in

this column. Therefore, remember to look for both when checking to see which

commands the user can run, or else use the USER_NUMBER columns as your

reference point.

11.8.6 List by Object Query

This query returns the list of users who can execute the selected object file (program)

by invoking an XAC command. All the object files present in the ACACL are presented

in the drop-down list. There will be a row per user in the Command’s ACL.