XYGATE User Authentication Reference Manual

Chapter 2. Node-Conditional Processing in the UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
If a member of the TECH SUPPORT staff tries to log on to a logged-off dial access terminal, permit it.
If a member of the OPERATIONS staff tries to log on to a logged-off dial access terminal, deny it.
If a member of the OPERATIONS staff tries to log on off-hours, permit it.
If a member of the OPERATIONS staff tries to log on to a terminal in the operations area, either logged off or already logged on as another member of the OPERATIONS staff, permit it.
If SUPER.SUPER tries to log on to a terminal that is already logged on as a member of the TECH SUPPORT staff, permit it.
If SUPER.SUPER tries to log on to a terminal that is logged off, deny it.
If the APPLICATION userid is used to log on to a TCP/IP terminal, either logged off or already logged on as any userid, deny it.
If the APPLICATION userid is used to log on to a NetBatch session, permit it.
After the criteria are developed, the modifiers that allow altered behavior will be
discussed. For a full explanation and examples of each keyword, refer to “Appendix B:
The UAACL File.”
There are two different sets of users involved in an XUA transaction. The first set (the
FROM_USER argument) identifies who is already logged on, or the actual state of
being logged off. The second set (the TO_USER argument) identifies which userids
can be logged into by a member of the FROM_USER set.
If SUPER.SUPER tries to log on to a terminal that is already logged on as a
member of the TECH SUPPORT staff, permit it.
In this example the FROM_USER set contains the members of the TECH SUPPORT
staff. The TO_USER set is the SUPER.SUPER userid.
The two different sets of users are required criteria for every XUA rule. The following is
an example of the UAACL configuration that implements the rule “If SUPER.SUPER
tries to log on to a terminal that is logged off, deny it.”
Example: Controlling LOGONS based on userids
UAGROUP Must-be-logged-on-for-super
FROM_USER 0,0
TO_USER 255,255
RESULT_DENIED
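
The FROM_USER/TO_USER matching described above can be modeled in a short script. This is an added sketch, not XYPRO code and not part of the manual: it parses only the four keywords shown in the example, and the function names are hypothetical. It assumes that 0,0 stands for the logged-off state, that each FROM_USER or TO_USER line adds one group,member pair to its set, that stanzas are checked in file order, and that an attempt no stanza matches is left undecided; the userid 100,5 is constructed.

```python
# Added illustration, not XYPRO code: models only the keywords shown above.
SAMPLE_UAACL = """\
UAGROUP Must-be-logged-on-for-super
FROM_USER 0,0
TO_USER 255,255
RESULT_DENIED
"""

LOGGED_OFF = (0, 0)       # assumption: 0,0 stands for the logged-off state
SUPER_SUPER = (255, 255)  # SUPER.SUPER, as in the TO_USER line above


def parse_uaacl(text):
    """Parse UAGROUP stanzas into dicts holding FROM/TO sets and a result."""
    groups = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts:
            continue  # skip blank lines
        keyword, arg = parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""
        if keyword == "UAGROUP" and arg:
            groups.append({"name": arg, "FROM_USER": set(),
                           "TO_USER": set(), "result": None})
        elif groups and keyword in ("FROM_USER", "TO_USER"):
            group_no, member_no = (int(n) for n in arg.split(","))
            groups[-1][keyword].add((group_no, member_no))
        elif groups and keyword == "RESULT_DENIED" and not arg:
            groups[-1]["result"] = "DENIED"
        else:
            # Anything else is outside this sketch; fail loudly, never guess.
            raise ValueError(f"unsupported or misplaced line: {raw!r}")
    return groups


def evaluate(groups, from_user, to_user):
    """Return (group name, result) for the first stanza whose FROM_USER and
    TO_USER sets both contain the attempt, or None if no stanza matches."""
    for g in groups:
        if from_user in g["FROM_USER"] and to_user in g["TO_USER"]:
            return g["name"], g["result"]
    return None  # undecided here; this sketch assumes no default outcome


if __name__ == "__main__":
    rules = parse_uaacl(SAMPLE_UAACL)
    print(evaluate(rules, LOGGED_OFF, SUPER_SUPER))  # logged-off terminal
    print(evaluate(rules, (100, 5), SUPER_SUPER))    # 100,5: constructed userid
```

Both conditions must hold for the stanza to apply: a logon to SUPER.SUPER from a terminal already logged on as another userid falls outside this UAGROUP and is left to other rules.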