XYGATE User Authentication Reference Manual

Chapter 2. Node-Conditional Processing in the UAACL File
XYPRO Technology Corporation 37 Proprietary and Confidential
ACL $SUPER
FC? FCPROMPT "> "
OPENSBYOBJECTS $*.*.SCF*
$*.ZTCP*.*
ALLOWCMD "EXIT"
ALLOWCMD "HELP"
ALLOWCMD "Y"
ALLOWCMD "STOP $ATMTST"
ALLOWCMD "START $ATMTST"
ALLOWCMD "ABORT $ATMTST"
ALLOWCMD "ALTER $ATMTST"
ALLOWCMD "STATUS $ATMTST"
DENYCMD *
#ENDIF
In Example 4 below, members of the $DBA ACLGROUP can manage the databases
on both the development and production nodes. On production nodes, volume names
begin with $S1D, while on the development nodes, the names begin with $D1V.
Example 4: OSACL Conditional Command
OSGROUP SECURE-DATABASE-DISKS
DESCRIPTION "Databases reside on $DATAnn disks on Prod; $DISCnn on Dev"
!Selection Criteria:
USER $DBA !\*.200,* (DBA's)
#IF @NODE LIKE "\\PROD.*"
MASK RE:"^\$S1D[0-9][0-9]\.DAT[RPB]064\..*"
RE:"^\$S1D[0-9][0-9]\.EG.*\..*"
#ENDIF
#IF @NODE LIKE "\\DEV.*"
MASK RE:"^\$D1V[0-9][0-9]\.DAT[RPB]064\..*"
RE:"^\$D1V[0-9][0-9]\.EG.*\..*"
#ENDIF
!Access granted:
ACL $DBA R,W,P,C
!Other
PROCESS_AS_ACL
AUDIT_ACCESS_PASS ON
AUDIT_ACCESS_FAIL ON
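The following is an added example, not part of the XYGATE manual or product: a small offline check of which file names the Example 4 masks would select on a given node, useful for confirming a mask's scope before it is deployed. It assumes that the @NODE LIKE patterns and the RE: masks behave like Python regular expressions; the node names, file names and function names are constructed for illustration.

```python
import re

# Masks copied from Example 4, keyed by the @NODE pattern of their #IF block.
# Assumption: LIKE and RE: patterns behave like Python regular expressions.
NODE_MASKS = {
    r"\\PROD.*": [r"^\$S1D[0-9][0-9]\.DAT[RPB]064\..*",
                  r"^\$S1D[0-9][0-9]\.EG.*\..*"],
    r"\\DEV.*":  [r"^\$D1V[0-9][0-9]\.DAT[RPB]064\..*",
                  r"^\$D1V[0-9][0-9]\.EG.*\..*"],
}

def active_masks(node):
    """Return the masks whose #IF @NODE block matches this node name."""
    masks = []
    for node_pattern, patterns in NODE_MASKS.items():
        if re.fullmatch(node_pattern, node):
            masks.extend(patterns)
    return masks

def covered(node, filename):
    """True if any mask active on this node selects the file name."""
    return any(re.search(mask, filename) for mask in active_masks(node))

def coverage_report(node, filenames):
    """Map each file name to whether the node's active masks select it."""
    return {name: covered(node, name) for name in filenames}

# Constructed sample file names (not taken from the manual).
SAMPLES = [
    "$S1D01.DATR064.ACCTS",   # production data volume
    "$S1D12.EGLOG.FILE01",    # production, second mask
    "$D1V03.DATP064.ACCTS",   # development data volume
    "$S1D1.DATR064.ACCTS",    # only one digit after $S1D
    "$S1D01.DATX064.ACCTS",   # X is outside [RPB]
    "$SYSTEM.SYS00.OSIMAGE",  # unrelated volume
]

if __name__ == "__main__":
    # Constructed node names; \TEST matches neither #IF block.
    for node in (r"\PROD1", r"\DEV2", r"\TEST"):
        print(node)
        for name, hit in coverage_report(node, SAMPLES).items():
            print(f"  {'MATCH' if hit else 'skip '}  {name}")
```

In this model a node that matches neither #IF block has no active masks at all, so it is worth running the check against every node name the file will be deployed to.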
2.4 Configuring Logon Controls
This section deals with all the information needed to configure XUA to control the
logon process. The two main configuration files are the UACONF and the UAACL.
Using XUA requires mapping each user to the appropriate controls based on the user,
the user’s port and the program the user is using to log on. Controls may differ based
on any of these values. For example, SUPER.SUPER may be set to never be frozen,
whereas other userids could be set to freeze
The first step in developing an XUA configuration is to determine the logon rules. If the
XUA rule is treated as an English-language sentence in the form of “IF . . . THEN,” the
criteria specifying which logons the rule will apply to all belong to the IF clause. Here
are a few examples of such rules: