XYGATE User Authentication Reference Manual

Appendix B: The UAACL File
XYPRO Technology Corporation 252 Proprietary and Confidential
B3: Classifying the ACLGroups
The ACLGroup entity classifies users into logical profiles in order to simplify the
maintenance of userids in the UAGroup entries that make up the rest of the file.
Syntax:
ACLGROUP $<Group-name> <User-List> [NOT <user-list>]
ACLGROUP keyword names may be up to 31 characters in length and may include
dashes ( - ). The first character must be a dollar sign ( $ ). The user list can span
multiple lines, can include spacing to make it more readable, and can include
comments. More detailed information about the syntax, with examples of ACLGroups, is
provided in section 1.8, “Configuring XUA Userids and Aliases” starting on page 29.
B4: Configuring TIMEGroups
The TIMEGroup entity defines a set of users that are allowed to log on during a
specified time. Time-based logons can be configured either by using the TIME
keyword within a UAGROUP (see page 287), or by using the TIME keyword within the
TIMEGROUP as shown in the following example:
Example 1: How to define a TIMEGroup entity in the UAACL file
ACLGROUP $WEEKDAYS 1,*

TIMEGROUP $LOGON-WEEKDAYS
    MEMBERS $WEEKDAYS
    TIME MON-FRI 08:00-17:00

UAGROUP Permit-Only-Weekdays
    Description "1,* can logon only on weekdays"
    FROM_USER $EVERYONE
    TO_USER $WEEKDAYS
    AUDIT_ACCESS_PASS ON
    AUDIT_ACCESS_FAIL ON
Example 1 above shows how to define the members in a TIMEGroup and how to
specify their logon time.
When members of Group 1 try to log on, XYGATEUA first searches for the
user in the TO_USER list of the UAGROUP.
XYGATEUA then searches for the TIMEGroup that contains the user and allows
logons based on the time configured for that user.
In this case members of Group 1 will be allowed to log on on weekdays from
8 AM to 5 PM using the UAGROUP Permit-Only-Weekdays. If members of
Group 1 try to log on during the weekend, XYGATEUA will deny the logon.
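The time check described above can be modelled offline to review logon records against the configured window. The following Python sketch is an added illustration, not XYGATEUA code and not part of the original manual: the function names, the dictionary layout, the sample events and the treatment of the window boundaries are assumptions.

```python
from datetime import datetime, time

DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"]  # datetime.weekday() order

def parse_time_spec(spec):
    """Parse 'MON-FRI 08:00-17:00' into (weekday indexes, start, end)."""
    day_part, hour_part = spec.split()
    names = day_part.split("-")
    first, last = DAYS.index(names[0]), DAYS.index(names[-1])
    if first > last:
        raise ValueError("wrapping day ranges are not modelled in this sketch")
    start, end = (time.fromisoformat(h) for h in hour_part.split("-"))
    return set(range(first, last + 1)), start, end

def user_matches(pattern, userid):
    """Match a 'group,user' id against a pattern such as '1,*'."""
    p_group, p_user = pattern.split(",")
    group, user = userid.split(",")
    return p_group in ("*", group) and p_user in ("*", user)

def logon_decision(userid, when, aclgroups, timegroups):
    """True/False if a TIMEGroup covers the user, None if no TIMEGroup does."""
    for tg in timegroups:
        if any(user_matches(p, userid) for p in aclgroups[tg["members"]]):
            days, start, end = parse_time_spec(tg["time"])
            # Assumption: start is inclusive, end is exclusive (page does not say).
            return when.weekday() in days and start <= when.time() < end
    return None  # the page does not describe this case, so no verdict is guessed

# Constructed model of Example 1 (dict layout is hypothetical).
ACLGROUPS = {"$WEEKDAYS": ["1,*"]}
TIMEGROUPS = [{"members": "$WEEKDAYS", "time": "MON-FRI 08:00-17:00"}]

def out_of_window(events):
    """Return the (userid, datetime) events that fall outside the user's window."""
    return [e for e in events
            if logon_decision(e[0], e[1], ACLGROUPS, TIMEGROUPS) is False]

# Constructed sample events: Wednesday morning, Saturday, Wednesday evening, other group.
SAMPLE_EVENTS = [
    ("1,5", datetime(2024, 3, 6, 9, 30)),
    ("1,5", datetime(2024, 3, 9, 9, 30)),
    ("1,12", datetime(2024, 3, 6, 18, 0)),
    ("2,7", datetime(2024, 3, 9, 23, 0)),
]

if __name__ == "__main__":
    for userid, when in out_of_window(SAMPLE_EVENTS):
        print(f"outside TIME window: {userid} at {when:%a %Y-%m-%d %H:%M}")
```

Events flagged by out_of_window are the ones to compare against the AUDIT_ACCESS_FAIL records: a logon that succeeded outside the window indicates the TIMEGroup is not being applied to that user.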