XYGATE User Authentication Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

311

312

313

314

315

316

317

318

319

320

XYGATE

User Authentication

™

Reference Manual

Appendix B: The UAACL File

XYPRO Technology Corporation 287 Proprietary and Confidential

B48: TIME

The TIME keyword defines the day and time range when logons are allowed. XUA will

search for the user in both UAGroup and TIMEGroups (see page 252) and combine

the restrictions to rule on the logon request.

Syntax:

TIME { <comma-separated three-letter-abbreviated days of the week> |

[-<range of days] | <single day> } <military time range>

In the Example below, members of the group will be allowed to logon on weekends

from 8 AM to 5 PM, but no other time.

Example: How to define TIME in the UAGROUP

ACLGROUP $WEEKENDS 2,*

UAGROUP Permit-Only-Weekends

Description "2,* can logon only on weekends"

FROM_USER $EVERYONE

TO_USER $WEEKENDS

TIME SAT,SUN 08:00-17:00

AUDIT_ACCESS_PASS ON

AUDIT_ACCESS_FAIL ON

Important! XUA will search for the user on the TO_USER list of the UAGROUP.

Because the matching UAGROUP also contains the TIME keyword, XUA will not look

for TIMEGROUP. The time restrictions of the TIME keyword within the UAGROUP will

be used to rule on the logon request in addition to other UAGroup controls.

Example: User’s logon rejected when outside of allowed timeframe

$DATAA.GRP2 1> logon GRP2.TST1

Password:

*ERROR* Logon attempted outside of allowed timeframes

$DATAA.GRP2 2>

B49: TO_USER

This is a space-separated list of target userids that can be impersonated.

Syntax:

TO_USER <user list>

In the Example below, only members of the ACLGROUP $PRIV-PEOPLE can logon to

SUPER.SUPER.

Example:

UAGROUP WHO-CAN-BE-SUPER

!Selection Criteria:

FROM_USER $PRIV-PEOPLE

TO_USER SUPER.SUPER