An access control list (ACL) is a list that specifies who and what is authorized to access TUXEDO system objects. The ACL MIB enables a system manager to administer TUXEDO security through authenticating users, setting permissions, and controlling access. The ACL MIB defines the objects controlled by the ACL facility. These MIB objects are grouped into three major categories. The following table lists the groups that comprise the ACL MIB.

Group Name                          Object ID
ACL group                           .1.3.6.1.4.1.140.300.11.1.1.1.1
ACL permissions                     .1.3.6.1.4.1.140.300.11.1.1.1.2
ACL principal (users or domains)    .1.3.6.1.4.1.140.300.11.1.1.1.3

For TUXEDO security, define application security options in the Domain group. This group lets you specify a user identity and security type used by your TUXEDO application. The users and remote domains in an application that need authentication and authorization are collectively known as principals. The managed objects for getting or setting the values of principals are defined in the tuxTAclPrinTbl group. The managed objects for getting or setting the values of ACL groups are defined in the tuxTAclGrpTable group. The ACL MIB, as a whole, specifies the principals and access control lists for TUXEDO application services, application queues, and events. You can define these ACL permissions for service, event, and application queue names. The managed objects that enable you to do this are defined in the tuxTAclPermTable group. All of these ACL MIB groups and their objects are described in the following sections.
tuxTAclGrpTable
The tuxTAclGrpTable group represents groups of TUXEDO application users and domains. The following table lists the managed objects that are part of the tuxTAclGrpTable group. To create a new row in the table, it is necessary to issue a SET request for a non-existing row.

Variable Name
tuxTAclGrpName
tuxTAclGrpId
tuxTAclGrpState

tuxTAclGrpName
Syntax: DisplayString(SIZE(1..30))
Access: read-write
Description: Logical name of the group. A group name is a string of printable characters and cannot contain a pound sign, comma, colon, or newline.
Note: This object can be set only during row creation.

tuxTAclGrpId
Syntax: INTEGER(0..16384)
Access: read-write
Description: Group identifier associated with this user. A value of 0 indicates the default group other. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.

tuxTAclGrpState
Syntax: INTEGER { valid(1), invalid(2) }
Access: read-write
Description: The values for GET and SET operations are as follows:
GET: valid(1). A GET operation will retrieve configuration information for the selected tuxTAclGrpTable instance(s). The following state indicates the meaning of a tuxTAclGrpState returned in response to a GET request. States not listed will not be returned.
  valid(1): tuxTAclGrpTable instance is defined and inactive. Note that this is the only valid state for this class. ACL groups are never active.
SET: invalid(2). A SET operation will update configuration information for the selected tuxTAclGrpTable instance. The following state indicates the meaning of a tuxTAclGrpState set in a SET request. States not listed may not be set.
  invalid(2): Delete tuxTAclGrpTable instance for application. Successful return removes the instance from the table.
tuxTAclPermTable
The tuxTAclPermTable group indicates what groups are allowed to access TUXEDO system entities. These entities are named via a string. The names currently represent service names, event names, and application queue names. To create a new row in this table, it is necessary to issue a SET request for a non-existing row that specifies at least the values for tuxTAclPermName and tuxTAclPermType.

tuxTAclPermName
Syntax: DisplayString(SIZE(1..30))
Access: read-write
Description: The name of the entity for which permissions are being granted. The name can represent a service name, an event name, and/or a queue name. An ACL name is a string of printable characters and cannot contain a colon, pound sign, or newline.
Note: This object can be set only during row creation.

tuxTAclPermType
Syntax: INTEGER { enq(1), deq(2), service(3), postevent(4) }
Access: read-write
Description: The type of the entity for which permissions are being granted.
Note: This object can be set only during row creation.

Syntax: DisplayString(SIZE(0..800))
Access: read-write
Description: A comma separated list of group identifiers (numbers) that are permitted access to the associated entity.

tuxTAclPermState
Syntax: INTEGER { valid(1), invalid(2) }
Access: read-write
Description: The values for GET and SET operations are as follows:
GET: valid(1). A GET operation will retrieve configuration information for all selected entities. The following state indicates the meaning of a tuxTAclPermState returned in response to a GET request. States not listed will not be returned.
  valid(1): tuxTAclPermState instance is defined. Note that this is the only valid state for this class. ACL permissions are never active.
SET: invalid(2). A SET operation will update configuration information for the selected tuxTAclPermState instance. The following state indicates the meaning of a tuxTAclPermState set in a SET request. States not listed may not be set.
  invalid(2): Delete tuxTAclPermState instance for application. State change allowed only when in the valid(1) state. Successful return leaves the object in the invalid(2) state.
Note that the tuxTAclPermTable instance refers to all groupids related to a particular tuxTAclPermName in the table.
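The following Python is an added example and is not part of the TUXEDO documentation or of the TUXEDO SNMP agent. It models tuxTAclPermTable as described above: one row per (tuxTAclPermName, tuxTAclPermType) pair carrying the comma-separated list of group identifiers, and an access check that asks whether a principal's group identifier appears in that list. Two things are assumptions: the group-id list object is referred to as `group_ids` because this page does not give its name, and the outcome when no row matches an entity is not stated on this page, so the check takes it as an explicit parameter rather than guessing.

```python
# Added example, not part of the TUXEDO documentation or the TUXEDO SNMP agent.
# Models tuxTAclPermTable as the page describes it: a row per (tuxTAclPermName,
# tuxTAclPermType) holding a comma-separated list of group identifiers, and an
# access check that asks whether a principal's group appears in that list.
# Assumptions: the group-id list object is called group_ids here (the page does
# not give its name), and the result when no row matches is not stated on this
# page, so it is an explicit parameter of the check.

ENQ, DEQ, SERVICE, POSTEVENT = 1, 2, 3, 4   # tuxTAclPermType values
PERM_TYPES = {ENQ: "enq", DEQ: "deq", SERVICE: "service", POSTEVENT: "postevent"}
MAX_GROUP_ID = 16384
PERM_NAME_FORBIDDEN = ":#\n"   # tuxTAclPermName may not contain colon, pound sign, newline


def valid_perm_name(name):
    """DisplayString(SIZE(1..30)) of printable characters, minus the forbidden ones."""
    return (isinstance(name, str) and 1 <= len(name) <= 30 and name.isprintable()
            and not any(c in PERM_NAME_FORBIDDEN for c in name))


def parse_group_ids(text):
    """Parse the DisplayString(SIZE(0..800)) list of group identifiers into a set.
    An empty string lists no group; anything that is not a comma-separated list of
    numbers in 0..16384 is rejected rather than silently ignored."""
    if not isinstance(text, str) or len(text) > 800:
        raise ValueError("group-id list must be a string of at most 800 characters")
    if not text.strip():
        return set()
    ids = set()
    for token in text.split(","):
        token = token.strip()
        if not token.isdigit() or int(token) > MAX_GROUP_ID:
            raise ValueError("bad group identifier %r in list" % token)
        ids.add(int(token))
    return ids


class PermTable:
    """tuxTAclPermTable rows keyed by (tuxTAclPermName, tuxTAclPermType)."""

    def __init__(self):
        self.rows = {}

    def snmp_set(self, name, perm_type, group_ids="", state=None):
        """Create or update a row (name and type are both required, as the page
        states), or delete it with state=invalid(2). Returns the resulting
        tuxTAclPermState."""
        if not valid_perm_name(name):
            raise ValueError("invalid tuxTAclPermName %r" % name)
        if perm_type not in PERM_TYPES:
            raise ValueError("invalid tuxTAclPermType %r" % perm_type)
        key = (name, perm_type)
        if state == 2:
            if key not in self.rows:
                raise ValueError("no such row; invalid(2) is allowed only from valid(1)")
            del self.rows[key]
            return 2
        self.rows[key] = parse_group_ids(group_ids)
        return 1

    def is_permitted(self, name, perm_type, group_id, no_row_policy=False):
        """True if group_id is listed for the entity. With no matching row the
        result is no_row_policy (assumption: this page does not define that case)."""
        ids = self.rows.get((name, perm_type))
        if ids is None:
            return no_row_policy
        return group_id in ids

    def entities_for_group(self, group_id):
        """Review helper: every (name, type) a group is listed on, sorted."""
        return sorted(key for key, ids in self.rows.items() if group_id in ids)


if __name__ == "__main__":
    table = PermTable()
    table.snmp_set("TRANSFER", SERVICE, "1, 5,7")   # constructed sample rows
    table.snmp_set("PAYQ", ENQ, "5")
    for gid in (5, 0):
        print(gid, table.is_permitted("TRANSFER", SERVICE, gid), table.entities_for_group(gid))
```

The parser rejects malformed lists instead of dropping bad tokens, since a silently shortened list changes who is allowed in; `entities_for_group` is the reverse lookup an administrator needs when reviewing what a group identifier can reach before adding it to a row.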
tuxTAclPrinTbl
The tuxTAclPrinTbl group represents users or domains that can access a TUXEDO application and the group with which they are associated. To join the application as a specific user, it is necessary to present a user-specific password. To create a new row in this table, it is necessary to issue a SET request for a non-existing row (instance).

Syntax: DisplayString(SIZE(1..30))
Access: read-write
Description: Logical name of the user or domain (a principal). A principal name is a string of printable characters and cannot contain a pound sign, colon, or newline.
Note: This object can be set only during row creation.

Syntax: DisplayString(SIZE(1..30))
Access: read-write
Description: The client name associated with the user. It generally describes the role of the associated user and provides a further qualifier on the user entry. If not specified at creation time, the default is the wildcard asterisk (*). A client name is a string of printable characters and cannot contain a colon or newline.

Syntax: INTEGER(1..131072)
Access: read-write
Description: Unique user identification number. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.
Note: This object can be set only during row creation.

Syntax: INTEGER(0..16384)
Access: read-write
Description: Group identifier associated with this user. A value of 0 indicates the default group other. If not specified at creation time, the default value 0 is assigned.

Syntax: DisplayString
Access: read-write
Description: The clear-text authentication password for the associated user. Note that the system will automatically encrypt this information on behalf of the administrator.

tuxTAclPrinState
Syntax: INTEGER { valid(1), invalid(2) }
Access: read-write
Description: The values for GET and SET operations are as follows:
GET: valid(1). A GET operation will retrieve configuration information for the selected tuxTAclPrinTbl instance(s). The following state indicates the meaning of tuxTAclPrinState:
  valid(1): tuxTAclPrinTbl instance is defined and inactive. Note that this is the only valid state for this class. ACL principals are never active.
SET: invalid(2). A SET operation will update configuration information for the selected tuxTAclPrinTbl instance. The following state indicates the meaning of a tuxTAclPrinState set in a SET request. States not listed may not be set.
  invalid(2): Delete tuxTAclPrinTbl instance for application. State change allowed only when in the valid(1) state. Successful return leaves the object in the invalid(2) state.
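The following Python is an added example, not code from the TUXEDO documentation or the TUXEDO SNMP agent. It models the row rules that the tuxTAclGrpTable and tuxTAclPrinTbl sections share: a SET naming a non-existing row creates it, unspecified values take the documented defaults (the next available unique identifier, the `*` client name, group 0), objects marked as settable only during row creation are frozen afterwards, and a SET of invalid(2) deletes the row. It sends no SNMP traffic; its use is to validate a planned SET against the documented syntax and rules before issuing it. The tuxTAclGrpTable column keys are the object names from the page; the tuxTAclPrinTbl keys other than tuxTAclPrinState are descriptive placeholders chosen here, because this page does not give those object names.

```python
# Added example, not part of the TUXEDO documentation or the TUXEDO SNMP agent.
# An in-memory model of the row rules shared by tuxTAclGrpTable and
# tuxTAclPrinTbl: a SET naming a non-existing row creates it, defaults are
# filled in as the page states, objects marked "set only during row creation"
# are frozen afterwards, and a SET of invalid(2) deletes the row. No SNMP
# traffic is sent; use it to validate a planned SET offline.
# tuxTAclPrinTbl column keys are descriptive placeholders chosen here (the page
# does not give those object names); tuxTAclGrpTable keys are from the page.

VALID, INVALID = 1, 2
NEXT_ID = object()   # sentinel: "next available (unique) identifier greater than 0"


def display_string(max_len, forbidden, min_len=1):
    """Checker for DisplayString(SIZE(min_len..max_len)) of printable
    characters, rejecting the characters the page forbids for that object."""
    def check(value):
        return (isinstance(value, str) and min_len <= len(value) <= max_len
                and value.isprintable() and not any(c in forbidden for c in value))
    return check


def int_range(lo, hi):
    """Checker for INTEGER(lo..hi)."""
    return lambda value: isinstance(value, int) and lo <= value <= hi


# column -> (syntax check, settable only at row creation, default at creation)
GRP_COLUMNS = {
    "tuxTAclGrpName": (display_string(30, "#,:\n"), True, None),   # row index
    "tuxTAclGrpId": (int_range(0, 16384), False, NEXT_ID),
}
PRIN_COLUMNS = {
    "principal_name": (display_string(30, "#:\n"), True, None),  # row index (placeholder key)
    "client_name": (display_string(30, ":\n"), False, "*"),       # placeholder key
    "user_id": (int_range(1, 131072), True, NEXT_ID),             # placeholder key
    "group_id": (int_range(0, 16384), False, 0),                  # placeholder key; 0 = group "other"
    "password": (lambda v: isinstance(v, str), False, None),      # placeholder key; clear text on SET
}


class AclTable:
    """Rows of one ACL MIB table, keyed by the index column."""

    def __init__(self, columns, index):
        self.columns, self.index, self.rows = columns, index, {}

    def _next_id(self, column):
        used = {row[column] for row in self.rows.values()}
        candidate = 1
        while candidate in used:
            candidate += 1
        return candidate

    def snmp_set(self, state=None, **values):
        """Apply one SET request; returns the resulting state, valid(1) or invalid(2)."""
        key = values.get(self.index)
        if key is None:
            raise ValueError("SET must identify the row via %s" % self.index)
        for column, value in values.items():
            if not self.columns[column][0](value):          # KeyError for unknown objects
                raise ValueError("%s=%r violates its documented syntax" % (column, value))
        row = self.rows.get(key)
        if row is None:
            if state == INVALID:
                raise ValueError("row %r does not exist, nothing to delete" % (key,))
            row = {}
            for column, (_, _, default) in self.columns.items():
                if column in values:
                    row[column] = values[column]
                elif default is NEXT_ID:
                    row[column] = self._next_id(column)
                else:
                    row[column] = default
            self.rows[key] = row
            return VALID
        if state == INVALID:
            del self.rows[key]
            return INVALID
        for column, value in values.items():
            if self.columns[column][1] and value != row[column]:
                raise ValueError("%s can be set only during row creation" % column)
            row[column] = value
        return VALID

    def snmp_get(self, key):
        """GET: the row plus its state, or None. These classes are never
        active, so valid(1) is the only state ever returned."""
        row = self.rows.get(key)
        return None if row is None else dict(row, state=VALID)


def set_is_accepted(table, state=None, **values):
    """True if the SET would be accepted, False if the model rejects it."""
    try:
        table.snmp_set(state=state, **values)
        return True
    except (ValueError, KeyError):
        return False


if __name__ == "__main__":
    groups = AclTable(GRP_COLUMNS, "tuxTAclGrpName")
    groups.snmp_set(tuxTAclGrpName="operators")   # tuxTAclGrpId defaults to 1
    principals = AclTable(PRIN_COLUMNS, "principal_name")
    principals.snmp_set(principal_name="alice", group_id=1, password="constructed-sample")
    print(groups.snmp_get("operators"), principals.snmp_get("alice"))
```

The defaulting of the group identifier is where a review should look hardest: a principal created without an explicit group lands in group 0 ("other"), so any tuxTAclPermTable row that lists group 0 grants access to every such principal. The model makes that visible by returning the filled-in row from `snmp_get`.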