An access control list (ACL) is a list that specifies who and what is authorized to access TUXEDO system objects. The ACL MIB enables a system manager to administer TUXEDO security through authenticating users, setting permissions, and controlling access. The ACL MIB defines the objects controlled by the ACL facility. These MIB objects are grouped into three major categories. The following table lists groups that comprise the ACL MIB.
ACL group
ACL permissions
ACL principal (users or domains)
For TUXEDO security, define application security options in the Domain group. This group lets you specify a user identity and security type used by your TUXEDO application. The users and remote domains in an application that need authentication and authorization are collectively known as principals. The managed objects for getting or setting the values of principals are defined in the The .1.3.6.1.4.1.140.300.11.1.1.1.1
.1.3.6.1.4.1.140.300.11.1.1.1.2
.1.3.6.1.4.1.140.300.11.1.1.1.3
Group Name
Description
tuxTAclPrinTbl
group. The managed objects for getting or setting the values of ACL groups are defined in the tuxTAclGrpTable
. The ACL MIB, as a whole, specifies the principals and access control lists for TUXEDO applications services, application queues, and events. You can define these ACL permissions for service, event, and application queue names. The managed objects that enable you to do this are defined in the tuxTAclPermTable
group. All of these ACL MIB groups and their objects are described in the following sections.
tuxTAclGrpTable
tuxTAclGrpTable
group represents groups of TUXEDO application users and domains. The following table lists the managed objects that are part of the tuxTAclGrpTable
group. To create a new row in the table, it is necessary to issue a SET
request for a non-existing row.
Variable Name
Object ID
tuxTAclGrpName
tuxTAclGrpId
tuxTAclGrpState
tuxTAclGrpName
Syntax
DisplayString
(SIZE
(1..30
))Access
read-write
Description
Logical name of the group. A group name is a string of printable characters and cannot contain a pound sign, comma, colon, or newline.
Note: This object can be set only during row creation.
Syntax
INTEGER
(0..16384)
Access
read-write
Description
Group identifier associated with this user. A value of 0 indicates the default group
other
. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.
Syntax
INTEGER { valid(1), invalid(2) }
Access
read-write
Description
The values for
GET
andSET
operations are as follows:
GET: valid(1)
- A
GET
operation will retrieve configuration information for the selectedtuxTAclGrpTable
instance(s). The following state indicates the meaning of atuxTAclGrpState
returned in response to aGET
request. States not listed will not be returned.
valid(1)
tuxTAclGrpTable
instance is defined and inactive. Note that this is the only valid state for this class. ACL groups are never active.SET: invalid(2)
- A
SET
operation will update configuration information for the selectedtuxTAclGrpTable
instance. The following state indicates the meaning of atuxTAclGrpState
set in aSET
request. States not listed may not be set.
invalid(2)
- Delete
tuxTAclGrpTable
instance for application. Successful return removes the instance from the table.
The tuxTAclPermTable
group indicates what groups are allowed to access TUXEDO system entities. These entities are named via a string. The names currently represent service names, event names, and application queue names. To create a new row in this table, it is necessary to issue a SET
request for a non-existing row that specifies at least the values for tuxTAclPermName
and tuxTAclPermType
.
Syntax
DisplayString
(SIZE
(1..30
))Access
read-write
Description
The name of the entity for which permissions are being granted. The name can represent a service name, an event name, and/or a queue name. An ACL name is a string of printable characters and cannot contain a colon, pound sign, or newline.
Note: This object can be set only during row creation.
Syntax
INTEGER { enq(1), deq(2), service(3), postevent(4) }
Access
read-write
Description
The type of the entity for which permissions are being granted.
Note: This object can be set only during row creation.
Syntax
DisplayString
(SIZE
(0..800
))Access
read-write
Description
A comma separated list of group identifiers (numbers) that are permitted access to the associated entity.
Syntax
INTEGER { valid(1), invalid(2) }
Access
read-write
Description
The values for
GET
andSET
operations are as follows:
GET: valid(1)
- A
GET
operation will retrieve configuration information for all selected entities. The following state indicates the meaning of atuxTAclPermState
returned in response to aGET
request. States not listed will not be returned.
valid(1)
tuxTAclPermState
instance is defined. Note that this is the only valid state for this class. ACL permissions are never active.SET: invalid(2)
- A
SET
operation will update configuration information for the selectedtuxTAclPermState
instance. The following state indicates the meaning of atuxTAclPermState
set in aSET
request. States not listed may not be set.
invalid(2)
- Delete
tuxTAclPermState
instance for application. State change allowed only when in thevalid(1)
state. Successful return leaves the object in theinvalid(2)
state.Note that the
tuxTAclPermTable
instance refers to all groupids related to a particulartuxTAclPermName
in the table.
The tuxTAclPrinTbl
group represents users or domains that can access a TUXEDO application and the group with which they are associated. To join the application as a specific user, it is necessary to present a user-specific password. To create a new row in this table, it is necessary to issue a SET
request for a non-existing row (instance).
Syntax
DisplayString
(SIZE
(1..30
))Access
read-write
Description
Logical name of the user or domain (a principal). A principal name is a string of printable characters and cannot contain a pound sign, colon, or newline.
Note: This object can be set only during row creation.
Syntax
DisplayString
(SIZE
(1..30
))Access
read-write
Description
The client name associated with the user. It generally describes the role of the associated user and provides a further qualifier on the user entry. If not specified at creation time, the default is the wildcard asterisk (*). A client name is a string of printable characters and cannot contain a colon or newline.
Syntax
INTEGER
(1..131072
)Access
read-write
Description
Unique user identification number. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.
Note: This object can be set only during row creation.
Syntax
INTEGER
(0..16384
)Access
read-write
Description
Group identifier associated with this user. A value of 0 indicates the default group
other
. If not specified at creation time, the default value 0 is assigned.
Syntax
DisplayString
Access
read-write
Description
The clear-text authentication password for the associated user. Note that the system will automatically encrypt this information on behalf of the administrator.
Syntax
INTEGER { valid(1), invalid(2) }
Access
read-write
Description
The values for
GET
andSET
operations are as follows:
GET: valid(1)
- A
GET
operation will retrieve configuration information for the selectedtuxTAclPrinTbl
instance(s). The following state indicates the meaning oftuxTAclPrinState
:
valid(1)
tuxTAclPrinTbl
instance is defined and inactive. Note that this is the only valid state for this class. ACL principals are never active.SET: invalid(2)
- A
SET
operation will update configuration information for the selectedtuxTAclPrinTbl
instance. The following state indicates the meaning of atuxTAclPrinState
set in aSET
request. States not listed may not be set.
invalid(2)
- Delete
tuxTAclPrinTbl
instance for application. State change allowed only when in thevalid(1)
state. Successful return leaves the object in theinvalid(2)
state.