XYGATE User Authentication Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
B41: REQUESTOR
The REQUESTOR keyword selects the userids to which these rules apply based on
the object file of the process requesting the logon. The object file name may
be wildcarded. A REQUESTOR of * (asterisk) represents all requestors.
Note: To prevent unexpected syntax errors, always put the REQUESTOR keyword
last in any UAGroup where it is used.
Syntax:
REQUESTOR <object filename>
Example 1 below allows everyone in the ACLGroup $EVERYONE to log on as
anybody if the requestor is $SYSTEM.XYGATEAC.XYGATEAC.
Example 1: How to restrict logons based on the requesting program
UAGROUP XYGATE-ACCESS-CONTROL
DESCRIPTION "XAC CAN LOGON AS ANYONE"
!Selection Criteria:
FROM_USER $EVERYONE
TO_USER $EVERYONE
REQUESTOR $SYSTEM.XYGATEAC.XYGATEAC
Example 2 below prevents anyone from logging on to SUPER.SUPER, SEC.ADMIN,
or APP1.OWNER from a TACL that is not logged on (which runs as NULL.NULL) if
the requestor is $SYSTEM.SYSnn.LOGIN, the program that mediates logons for the
OSS environment.
Example 2: How to enforce stepped logons in OSS
UAGROUP STEPPED-LOGONS-OSS
DESCRIPTION "must logon to own id before privid"
RESULT_DENIED
!Selection Criteria:
FROM_USER NULL.NULL
TO_USER SUPER.SUPER SEC.ADMIN APP1.OWNER
REQUESTOR $SYSTEM.SYSnn.LOGIN
Example 3 below allows members of the TECH group to su to SUPER.SUPER.
Example 3: How to allow selected users to su to SUPER.SUPER
UAGROUP AUTH-USERS-su-2-PRIVIDS
DESCRIPTION "These users are GRANTED to su to protected userids"
RESULT_GRANTED
!Selection Criteria:
FROM_USER TECH.*
TO_USER SUPER.SUPER
PASSWORD_REQUIRED ON
REQUESTOR /bin/su
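
The Note above says REQUESTOR must be the last keyword in any UAGroup that uses it. The following check for that ordering is an added example, not part of the XYGATE product or of this manual. It assumes one keyword per line, that a line starting with ! is a comment, and that a group runs from its UAGROUP line to the next UAGROUP line; the function names are hypothetical.

```python
# Constructed sample: the first group copies Example 3 above; the second
# deliberately places REQUESTOR before another keyword.
SAMPLE_UAACL = '''\
UAGROUP AUTH-USERS-su-2-PRIVIDS
DESCRIPTION "These users are GRANTED to su to protected userids"
RESULT_GRANTED
!Selection Criteria:
FROM_USER TECH.*
TO_USER SUPER.SUPER
PASSWORD_REQUIRED ON
REQUESTOR /bin/su

UAGROUP MISORDERED-EXAMPLE
RESULT_DENIED
FROM_USER NULL.NULL
REQUESTOR $SYSTEM.SYSnn.LOGIN
TO_USER SUPER.SUPER
'''

def parse_groups(text):
    """Split UAACL text into groups of (line_no, keyword, argument) entries."""
    groups = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):   # blank line or comment (assumed)
            continue
        parts = line.split(None, 1)
        keyword = parts[0].upper()
        argument = parts[1] if len(parts) > 1 else ""
        if keyword == "UAGROUP":
            groups.append({"name": argument, "entries": []})
        elif groups:
            groups[-1]["entries"].append((line_no, keyword, argument))
    return groups

def requestor_not_last(text):
    """Return (group, requestor_line, following_keyword) for each violation."""
    findings = []
    for group in parse_groups(text):
        entries = group["entries"]
        for idx, (line_no, keyword, _) in enumerate(entries):
            # A REQUESTOR followed only by more REQUESTOR lines is not flagged;
            # the page does not say whether repeats are allowed.
            later = [k for _, k, _ in entries[idx + 1:] if k != "REQUESTOR"]
            if keyword == "REQUESTOR" and later:
                findings.append((group["name"], line_no, later[0]))
    return findings

if __name__ == "__main__":
    for name, line_no, nxt in requestor_not_last(SAMPLE_UAACL):
        print(f"{name}: REQUESTOR on line {line_no} is followed by {nxt}")
```

Line numbers in the findings count from the start of the text passed in, so run the check on the whole file to get positions that match an editor.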