|
|
An access control list (ACL) specifies who and what is authorized to access BEA Tuxedo system objects. The Access Control List MIB enables a system manager to administer Tuxedo security by authenticating users, setting permissions, and controlling access. It defines the objects controlled by the ACL facility. These MIB objects are grouped into three major categories.
The Access Control List MIB consists of the following groups.
For Tuxedo security, define application security options in the Domain group. This group lets you specify a user identity and security type used by your Tuxedo application. The users and remote domains in an application that need authentication and authorization are collectively known as principals. The managed objects for getting or setting the values of principals are defined in the tuxTAclPrinTbl group. The managed objects for getting or setting the values of ACL groups are defined in the tuxTAclGrpTable. The Access Control List MIB, as a whole, specifies the principals and access control lists for Tuxedo applications services, application queues, and events. You can define these ACL permissions for service, event, and application queue names. The managed objects that enable you to do define the ACL permissions are defined in the tuxTAclPermTable group. All these ACL MIB groups and their objects are described in the following sections.
The tuxTAclGrpTable group contains objects that represent groups of Tuxedo application users and domains. The following table lists the managed objects that are part of the tuxTAclGrpTable group. To create a new row in the table, it is necessary to issue a SET request for a non-existing row.
Logical name of the group. A group name is a string of printable characters and cannot contain a pound sign, comma, colon, or newline.
| Note: | This object can be set only during row creation. |
Group identifier associated with this user. A value of 0 indicates the default group other. If the group identifier is not specified at creation time, it defaults to the next available (unique) identifier greater than 0.
INTEGER { valid(1), invalid(2) }
The values for GET and SET operations are as follows:
GET: valid(1)
GET operation retrieves configuration information for the selected tuxTAclGrpTable instance(s). The following state indicates the meaning of a tuxTAclGrpState returned in response to a GET request. States not listed are not returned.
valid(1)
tuxTAclGrpTable instance is defined and inactive. Note that valid(1) is the only valid state for this class. ACL groups are never active.
SET: invalid(2)
SET operation updates configuration information for the selected tuxTAclGrpTable instance. The following state indicates the meaning of a tuxTAclGrpState set in a SET request. States not listed might not be set.
invalid(2)
tuxTAclGrpTable instance for application. Successful return removes the instance from the table.
The tuxTAclPermTable group indicates what groups are allowed to access Tuxedo system entities. These entities are named by a string. The names currently represent service names, event names, and application queue names. To create a new row in this table, it is necessary to issue a SET request for a non-existing row that specifies at least the values for tuxTAclPermName and tuxTAclPermType.
The name of the entity for which permissions are being granted. The name can represent a service name, an event name, and/or a queue name. An ACL name is a string of printable characters and cannot contain a colon, pound sign, or newline.
| Note: | This object can be set only during row creation. |
INTEGER { enq(1), deq(2), service(3), postevent(4) }
The type of the entity for which permissions are being granted.
| Note: | This object can be set only during row creation. |
A comma-separated list of group identifiers (numbers) that are permitted access to the associated entity.
INTEGER { valid(1), invalid(2) }
The values for GET and SET operations are as follows:
GET: valid(1)
GET operation retrieves configuration information for all selected entities. The following state indicates the meaning of a tuxTAclPermState returned in response to a GET request. States not listed are not returned.
valid(1)
tuxTAclPermState instance is defined. Note that valid(1) is the only valid state for this class. ACL permissions are never active.
SET: invalid(2)
SET operation updates configuration information for the selected tuxTAclPermState instance. The following state indicates the meaning of a tuxTAclPermState set in a SET request. States not listed might not be set.
invalid(2)
tuxTAclPermState instance for application. State change allowed only when in the valid(1) state. Successful return leaves the object in the invalid(2) state.
| Note: | The tuxTAclPermTable instance refers to all groupids related to a particular tuxTAclPermName in the table. |
The tuxTAclPrinTbl group contains objects that represent users or domains that can access a Tuxedo application and the group with which they are associated. To join the application as a specific user, it is necessary to present a user-specific password. To create a new row in this table, it is necessary to issue a SET request for a non-existing row (instance).
Logical name of the user or domain (a principal). A principal name is a string of printable characters and cannot contain a pound sign, colon, or newline.
| Note: | This object can be set only during row creation. |
The client name associated with the user. It generally describes the role of the associated user and provides a further qualifier on the user entry. If the client name is not specified at creation time, the default is the wildcard asterisk (*). A client name is a string of printable characters and cannot contain a colon or newline.
Unique user identification number. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.
| Note: | This object can be set only during row creation. |
Group identifier associated with this user. A value of 0 indicates the default group other. If the group identifier is not specified at creation time, the default value 0 is assigned.
The clear-text authentication password for the associated user. Note that the system automatically encrypts this information on behalf of the administrator.
INTEGER { valid(1), invalid(2) }
The values for GET and SET operations are as follows:
GET: valid(1)
GET operation retrieves configuration information for the selected tuxTAclPrinTbl instance(s). The following state indicates the meaning of tuxTAclPrinState:
valid(1)
tuxTAclPrinTbl instance is defined and inactive. Note that valid(1) is the only valid state for this class. ACL principals are never active.
SET: invalid(2)
SET operation updates configuration information for the selected tuxTAclPrinTbl instance. The following state indicates the meaning of a tuxTAclPrinState set in a SET request. States not listed might not be set.
invalid(2)
tuxTAclPrinTbl instance for application. State change is allowed only when in the valid(1) state. Successful return leaves the object in the invalid(2) state.
|