XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation 248 Proprietary and Confidential
B1: Sample UAACL File
This sample UAACL file shows how the three entities mentioned above, and the
keywords described in the following subsections, are used in a production
environment.
Example 1: A Sample UAACL File
ACLGROUP $EVERYONE *.* ALIAS:"*"
ACLGROUP $OK2FTP 30,*
ACLGROUP $OK2SUPER 222,77
ACLGROUP $OK2PRIV 232,77 222,77
ACLGROUP $SU-OK-OSS 232,78 222,77
ACLGROUP $DONT-FREEZE 255,255 253,1 24,171 !PQTEST.USER171
ACLGROUP $PRIV-IDS 240,255 241,255 242,255 243,255 255,255
ACLGROUP $WEEKDAYS 1,*
ACLGROUP $WEEKENDS 2,*

TIMEGROUP $LOGON-WEEKDAYS
  MEMBERS $WEEKDAYS
  TIME MON-FRI 08:00-16:59

TIMEGROUP $LOGON-WEEKENDS
  MEMBERS $WEEKENDS
  TIME SAT,SUN 00:00-23:59

UAGROUP Permit-Only-Weekdays
  Description "1,* can logon only on weekdays"
  FROM_USER $EVERYONE
  TO_USER $WEEKDAYS
  AUDIT_ACCESS_PASS ON
  AUDIT_ACCESS_FAIL ON

UAGROUP Permit-Only-Weekends
  Description "2,* can logon only on weekends"
  FROM_USER $EVERYONE
  TO_USER $WEEKENDS
  AUDIT_ACCESS_PASS ON
  AUDIT_ACCESS_FAIL ON

UAGROUP SUPER-LOGON-NO-PASSWORD
  DESCRIPTION "255,255 can logon as any other userid without a password"
  ! Except SEC.ADMIN - see next rule
  PASSWORD_REQUIRED OFF
  RESULT_GRANTED
  !Selection Criteria:
  FROM_USER 255,255
  TO_USER $EVERYONE NOT 253,1

UAGROUP ALLOW-LOGON-TO-FROZEN-IDS
  DESCRIPTION "255,255 & 253,1 can logon to each other, even FROZEN"
  ! but they need to enter the correct password
  FROZEN_OK ON
  PASSWORD_REQUIRED ON
  OMIT_PASSWORD_USERS SUPER.SUPER !IDs who don't need a PW anyway
  RESULT_GRANTED
  !Selection Criteria:
  FROM_USER 253,1 255,255
  TO_USER $DONT-FREEZE
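
The following review script is an added example, not part of the XYGATE manual or XYPRO code. It parses a UAACL file in the layout of the sample above and lists the UAGROUP rules whose keywords relax authentication (PASSWORD_REQUIRED OFF, FROZEN_OK ON, OMIT_PASSWORD_USERS). The function names and the parsing rules (each entity starts with its header keyword, and `!` starts a comment outside double quotes) are assumptions inferred from the sample, not XYGATE's documented grammar.

```python
import re

# Constructed excerpt that reuses entries from the sample file above.
SAMPLE = """\
ACLGROUP $EVERYONE *.* ALIAS:"*"
ACLGROUP $DONT-FREEZE 255,255 253,1 24,171 !PQTEST.USER171
ACLGROUP $WEEKDAYS 1,*
UAGROUP Permit-Only-Weekdays
FROM_USER $EVERYONE
TO_USER $WEEKDAYS
UAGROUP SUPER-LOGON-NO-PASSWORD
PASSWORD_REQUIRED OFF
FROM_USER 255,255
TO_USER $EVERYONE NOT 253,1
UAGROUP ALLOW-LOGON-TO-FROZEN-IDS
FROZEN_OK ON
OMIT_PASSWORD_USERS SUPER.SUPER !IDs who don't need a PW anyway
FROM_USER 253,1 255,255
TO_USER $DONT-FREEZE
"""

def strip_comment(line):
    # Assumption: '!' starts a comment unless it sits inside double quotes.
    return re.sub(r'("[^"]*")|!.*', lambda m: m.group(1) or "", line).strip()

def parse_uaacl(text):
    """Return ({aclgroup: [members]}, {uagroup: {KEYWORD: [values]}})."""
    acl, rules, cur = {}, {}, None
    for words in filter(None, (strip_comment(ln).split() for ln in text.splitlines())):
        key, rest = words[0].upper(), words[1:]
        if key == "ACLGROUP":
            acl[rest[0]] = rest[1:]
        elif key in ("UAGROUP", "TIMEGROUP"):  # a new entity ends the open rule
            cur = rules.setdefault(rest[0], {}) if key == "UAGROUP" else None
        elif cur is not None:
            cur[key] = rest
    return acl, rules

def review(text):
    """Return (rule, finding, ids); $group names in TO_USER are expanded one level."""
    acl, rules = parse_uaacl(text)
    relaxed = {"PASSWORD_REQUIRED": "OFF", "FROZEN_OK": "ON"}
    out = []
    for name, kw in rules.items():
        to = " ".join(m for t in kw.get("TO_USER", []) for m in acl.get(t, [t]))
        out += [(name, f"{k} {v}", to) for k, v in relaxed.items() if kw.get(k) == [v]]
        if "OMIT_PASSWORD_USERS" in kw:
            out.append((name, "OMIT_PASSWORD_USERS", " ".join(kw["OMIT_PASSWORD_USERS"])))
    return out
```

Each tuple from `review(SAMPLE)` names a rule to check against the access policy; the Permit-Only-Weekdays rule produces no entry because it sets none of the three keywords.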