XYGATE User Authentication Reference Manual

Chapter 2. Node-Conditional Processing in the UAACL File
XYPRO Technology Corporation 36 Proprietary and Confidential
Example 3: Node Name Specified With a Regular Expression
#IF #NODE LIKE "\\MEL[0-9]{1,4}"
...conditional text to include...
#END IF
2.3 Conditional Text
The conditional text that is included in or excluded from the UAACL file based on the
node name must be text that the XYGATE module expects in its UAACL file. For example, a
conditional text inclusion for XUA might be:
Example 1: Node-Conditionals within an ACLGROUP
ACLGROUP $SECMGR
#IF @NODE = "\\WIRE.*"
\*.253,1 NETUNDERLYING:\WIRE*.253,1 !SEC.MGR
#ENDIF
#IF @NODE <> "\\PRWEST.*"
\*.100,255 NETUNDERLYING:\PRWEST.100,255 !CSEC.ADMIN
#ENDIF
Example 1 above shows how to simplify things if, for example, due to a merger, the ID
used to administer security is different on some nodes. In this situation, you can
specify an ACLGROUP with node-conditionals to designate the appropriate IDs on
each node. If you then use the ACLGROUPs in FOGROUPs, PCGROUPs,
HEGROUPs, etc., you can be sure that the security rules are equivalent, regardless of
the actual ID in use on a particular node. This will also make things easier when you
eventually transition to using a single, standard ID for all nodes. At that time, you will
only have to alter the ACLGROUPs, not all the rules for the various XYGATE products.
Most XYGATE products include ACLGROUPs in their UAACL file. In Example 2 below,
the ACLGROUP $SUPER will include members of the PROG user group when on a
node named \DEV. The ACLGROUP on any other node will not include the PROG
group.
Example 2: Conditional within an ACLGROUP
ACLGROUP $SUPER
TECH.HARI
TECH.SAMI
#IF @NODE = "\DEV"
PROG.*
#ENDIF
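When one shared file is distributed to several nodes, it helps to review which lines are actually in effect on each node before rollout. The following Python model is an added example, not XYPRO code and not part of the manual; it resolves the node-conditionals of a file for a given node name and rejects unbalanced blocks. Assumptions: the quoted value is a regular expression matched against the whole node name, "\\" is an escaped backslash, a lone leading "\" is literal, and the names effective_text and SAMPLE are hypothetical.

```python
import re

# Directive grammar assumed from the manual's examples only (#IF ... / #ENDIF).
_IF = re.compile(r'#IF\s+[@#]NODE\s*(=|<>|LIKE)\s*"([^"]*)"\s*$')
_END = re.compile(r'#END\s?IF\s*$')

def _matches(pattern, node):
    # Assumption: the quoted text is a regex over the whole node name and
    # "\\" is an escaped backslash; a lone leading "\" (as in "\DEV") is
    # treated as a literal backslash as well.
    if pattern.startswith("\\") and not pattern.startswith("\\\\"):
        pattern = "\\" + pattern
    return re.fullmatch(pattern, node) is not None

def effective_text(uaacl, node):
    """Return the lines of `uaacl` that remain in effect on `node`."""
    out, stack = [], []          # stack holds one truth value per open #IF
    for lineno, raw in enumerate(uaacl.splitlines(), 1):
        line = raw.strip()
        m = _IF.match(line)
        if m:
            hit = _matches(m.group(2), node)
            stack.append(not hit if m.group(1) == "<>" else hit)
        elif _END.match(line):
            if not stack:
                raise ValueError(f"line {lineno}: #ENDIF without #IF")
            stack.pop()
        elif line.startswith("#"):   # this model knows no other directives
            raise ValueError(f"line {lineno}: unrecognised directive: {line}")
        elif line and all(stack):
            out.append(line)
    if stack:                        # a missing #ENDIF must not pass silently
        raise ValueError("unterminated #IF block")
    return out

# Constructed sample modelled on Example 2 (ACLGROUP $SUPER).
SAMPLE = r'''ACLGROUP $SUPER
TECH.HARI
TECH.SAMI
#IF @NODE = "\DEV"
PROG.*
#ENDIF
'''

if __name__ == "__main__":
    for node in (r"\DEV", r"\PROD"):
        print(node, effective_text(SAMPLE, node))
```

Comparing the resolved output for every node name in the network shows where group membership differs between nodes, which is the point to review when a conditional grants access on one node only.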
Finally, entire commands can be included as conditional text. In Example 3 below, the
XAC COMMAND named SCF-DEV will only be available on the \DEV node. It will not
be available on any other node.
Example 3: ACACL Conditional Command
#IF @NODE = "\DEV"
COMMAND SCF-DEV
USER SUPER.SUPER
OBJECT $SYSTEM.SYSTEM.SCF