XYGATE User Authentication Reference Manual

Appendix B: The UAACL File
XYPRO Technology Corporation 254 Proprietary and Confidential
B5: Configuring UAGroups
The User Authentication Group (UAGroup) entity defines the logon rules to be applied
to various sets of users. UAGroups are where you enter all the criteria necessary to
create the logon rules you want to enforce.
The keyword UAGROUP is required, and the UAACL file can have a maximum of
1,000 UAGroup entities.
Syntax:
UAGROUP <User Authentication Group Name>
The UAGROUP name can be up to 31 characters long and may include any
alphanumeric character, a dollar sign ( $ ), dash ( - ), period ( . ) or underscore ( _ ).
However, the dollar sign should not be the first character of the name, so that
UAGROUP names remain easy to distinguish from ACLGROUP names.
Example:
UAGROUP WHO-CAN-BE-SUPER
The name of the UAGROUP that was used to evaluate a logon request is
recorded in the audit log and is available for display when using Explain mode with
What-if queries.
XUA searches the UAACL file for the first UAGroup whose selection criteria all
match the characteristics of the request, and then makes a ruling based on the ACL
for that UAGROUP.
Important! Always put the most specific UAGroup before the least specific one.
UAGroups are processed in the order in which they are encountered in the UAACL file.
The individual lines within the ACL are processed in the order in which they are
encountered within the UAGROUP. Once XUA finds an entry that matches all of the
selection criteria for the current logon request, it stops searching. Because the search
stops at the first match, the rules at the top of the file are the rules that are accessed
most often, and a general rule placed ahead of a more specific one means the specific
rule is never reached.
The final entries in the file should always be wildcarded "catch-all" entries that catch
any operation not defined higher in the file, as shown in Example 1 below.
Example 1: Sample 'Catch All' UAGROUP
UAGROUP EVERYONE-ELSE
PASSWORD_REQUIRED ON
RESULT_GRANTED
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $EVERYONE
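The first-match rule and the "most specific UAGroup first" guidance above are easy to get wrong when a file is edited by hand. The following Python model is an added illustration and is not XYPRO's code: it parses only the keywords shown on this page (UAGROUP, PASSWORD_REQUIRED, RESULT_GRANTED, FROM_USER, TO_USER, the $EVERYONE wildcard and "!" comment lines), applies the naming rules from B5, evaluates a request with first-match semantics, and reports UAGroups that can never be selected because a more general entry precedes them. How XUA actually tokenises the file, the default criteria for a UAGroup, and the treatment of a missing RESULT_GRANTED as "not granted" are assumptions of this model; the two sample files are constructed for the example.

```python
"""Toy first-match evaluator for UAGROUP entities in a UAACL-style file.

Added illustration, not XYPRO's code. Only the keywords that appear on this
page are modelled; how XUA really parses or matches anything else is not
known here and is an assumption of this model.
"""
import re
from dataclasses import dataclass

# Naming rule from the text: 1-31 characters drawn from letters, digits,
# '$', '-', '.' and '_'.  The leading-'$' check is separate because the text
# reserves that prefix to distinguish ACLGROUP names.
_NAME_RE = re.compile(r"^[A-Za-z0-9$\-._]{1,31}$")


def valid_uagroup_name(name: str) -> bool:
    return bool(_NAME_RE.match(name)) and not name.startswith("$")


@dataclass
class UAGroup:
    name: str
    password_required: bool = False
    result_granted: bool = False     # missing RESULT_GRANTED => not granted (assumption)
    from_user: str = "$EVERYONE"     # criteria default to the wildcard (assumption)
    to_user: str = "$EVERYONE"


def parse_uaacl(text: str) -> list:
    """Parse UAGROUP entities in file order; that order is what first-match depends on."""
    groups, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):       # blank or '!' comment line
            continue
        parts = line.split(None, 1)
        kw = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if kw == "UAGROUP":
            if not valid_uagroup_name(arg):
                raise ValueError(f"invalid UAGROUP name: {arg!r}")
            cur = UAGroup(arg)
            groups.append(cur)
        elif cur is None:
            raise ValueError(f"{kw} appears before any UAGROUP")
        elif kw == "PASSWORD_REQUIRED":
            cur.password_required = (arg.upper() == "ON")
        elif kw == "RESULT_GRANTED":
            cur.result_granted = True
        elif kw == "FROM_USER":
            cur.from_user = arg.upper()
        elif kw == "TO_USER":
            cur.to_user = arg.upper()
        else:
            raise ValueError(f"keyword not modelled in this example: {kw}")
    return groups


def _covers(pattern: str, user: str) -> bool:
    """True when `pattern` (a user name or $EVERYONE) matches `user`."""
    return pattern == "$EVERYONE" or pattern == user.upper()


def evaluate(groups: list, from_user: str, to_user: str):
    """First-match semantics: the first UAGroup whose criteria all match wins;
    None means nothing matched, which a trailing catch-all entry is meant to prevent."""
    for g in groups:
        if _covers(g.from_user, from_user) and _covers(g.to_user, to_user):
            return g
    return None


def shadowed_groups(groups: list) -> list:
    """Lint: names of UAGroups that can never be selected because an earlier
    UAGroup with criteria at least as general always matches first."""
    shadowed = []
    for i, later in enumerate(groups):
        for earlier in groups[:i]:
            if _covers(earlier.from_user, later.from_user) and _covers(earlier.to_user, later.to_user):
                shadowed.append(later.name)
                break
    return shadowed


# Constructed sample files, not taken from any real UAACL file.  The catch-all
# deliberately omits RESULT_GRANTED so that the effect of ordering is visible.
SPECIFIC_FIRST = """
UAGROUP WHO-CAN-BE-SUPER
PASSWORD_REQUIRED ON
RESULT_GRANTED
!Selection Criteria:
FROM_USER ADMIN.ALICE
TO_USER SUPER.SUPER

UAGROUP EVERYONE-ELSE
PASSWORD_REQUIRED ON
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $EVERYONE
"""

# Same two entities in the wrong order: the wildcard entry now swallows every request.
CATCH_ALL_FIRST = "\n".join(reversed(SPECIFIC_FIRST.strip().split("\n\n")))


def decide(text: str, from_user: str, to_user: str) -> tuple:
    """(UAGroup name as it would be audited, granted?) for one logon request."""
    g = evaluate(parse_uaacl(text), from_user, to_user)
    return (None, False) if g is None else (g.name, g.result_granted)


if __name__ == "__main__":
    print(decide(SPECIFIC_FIRST, "admin.alice", "super.super"))   # ('WHO-CAN-BE-SUPER', True)
    print(decide(CATCH_ALL_FIRST, "admin.alice", "super.super"))  # ('EVERYONE-ELSE', False)
    print(shadowed_groups(parse_uaacl(CATCH_ALL_FIRST)))          # ['WHO-CAN-BE-SUPER']
```

The audited group name is the signal to watch: when a request that should have matched a specific UAGroup is logged against the catch-all, the file is misordered, and the `shadowed_groups` lint finds such entries before the file is deployed rather than after the audit log does.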