XYGATE User Authentication Reference Manual

XYPRO Technology Corporation 47 Proprietary and Confidential

Chapter 7. Considering Additional

Logon Authorization

Controls

After the criteria are developed, there are additional keywords that can modify the

decision to permit or deny the logon attempt. For example, certain users may be

permitted to logon as other users, even when the destination userid is frozen. In

another example, certain users may be allowed to logon as another user without

knowing that user’s password. These additional modifications to control logons can be

classified as Password and Logon Control Extensions. For a full explanation and

examples of each keyword, refer to Appendix B: “The UAACL File.”

7.1 Keywords

The FROZEN_OK keyword allows a member of the FROM_USER set to logon to a

userid in the TO_USER set even if the userid is frozen as long as the FROM_USER

user enters the correct password.

The SUPERSUPEROK keyword allows SUPER.SUPER to logon to any userid

regardless of any other rule with or without the correct password.

The GROUPMANAGER_OK keyword defines how a group manager (user = 255) will

be treated.

• If GROUPMANAGER_OK is set to ON, then the group manager for a group

(group,255) is capable of logging on to any userid or Safeguard alias in the group.

• If GROUPMANAGER_OK is set to OFF, then the group manager will be evaluated

as any other userid.

The OMIT_PASSWORD_USERS keyword allows a member of the FROM_USER set

to logon to a userid in the TO_USER set, and if the FROM_USER is on the list of

OMIT_PASSWORD_USERS, the FROM_USER is not required to enter the

TO_USER’s password.

The PASSWORD_REQUIRED keyword indicates that the FROM_USER is required to

enter the password of the TO_USER userid to complete the logon.