Section 5 - File Formats, Data Descriptions, MIBs, and System Processes Reference

File Formats, Data Descriptions, MIBs, and System Processes Reference

T_ACLPRINCIPAL Class Definition

Overview

The T_ACLPRINCIPAL class represents users or domains that can access a BEA Tuxedo application and the group with which they are associated. To join the application as a specific user, it is necessary to present a user-specific password.

Attribute Table

Table 5 ACL_MIB(5): T_ACLPRINCIPAL Class Definition Attribute Table

Attribute

Type

Permissions

Values

Default

`TA_PRINNAME`( r )( * )

string

`rU-------`

`string`[1..30]

N/A

`TA_PRINCLTNAME`( k )

string

`rw-------`

`string`[1..30]

`""`

`TA_PRINID`( k )

long

`rU-------`

1 <= `num` < 131,072

lowest id

`TA_PRINGRP`( k )

long

`rw-------`

0 <= `num` < 16,384

0

`TA_PRINPASSWD`

string

`rwx------`

`string`

N/A

`TA_STATE`

string

`rw-------`

`GET`: `"INA"`

`SET`: `"`{`NEW` | `INV`}`"`

N/A

N/A

( k )—`GET` key field
( r )—required field for object creation (`SET TA_STATE NEW`)
( )—`GET/SET` key, one or more required for `SET` operations

Attribute Semantics

Attribute	Type	Permissions	Values	Default
`TA_PRINNAME`( r )( * )	string	`rU-------`	`string`[1..30]	N/A
`TA_PRINCLTNAME`( k )	string	`rw-------`	`string`[1..30]	`"*"`
`TA_PRINID`( k )	long	`rU-------`	1 <= `num` < 131,072	lowest id
`TA_PRINGRP`( k )	long	`rw-------`	0 <= `num` < 16,384	0
`TA_PRINPASSWD`	string	`rwx------`	`string`	N/A
`TA_STATE`	string	`rw-------`	`GET`: `"INA"` `SET`: `"`{`NEW` \| `INV`}`"`	N/A N/A
( k )—`GET` key field ( r )—required field for object creation (`SET TA_STATE NEW`) ( * )—`GET/SET` key, one or more required for `SET` operations

TA_PRINNAME: string

Logical name of the user or domain (a principal). A principal name is a string of printable characters and cannot contain a pound sign, colon, or newline.

TA_PRINCLTNAME: string

The client name associated with the user. It generally describes the role of the associated user, and provides a further qualifier on the user entry. If not specified at creation time, the default is the wildcard asterisk (*). A client name is a string of printable characters and cannot contain a colon, or newline.

TA_PRINID: 1 <= num < 131,072

Unique user identification number. If not specified at creation time, it defaults to the next available (unique) identifier greater than 0.

TA_PRINGRP: 0 <= num < 16,384

Group identifier associated with this user. A value of 0 indicates the default group "other." If not specified at creation time, the default 0 is assigned.

TA_PRINPASSWD: string

TA_STATE:

GET: {VALid}

A GET operation will retrieve configuration information for the selected T_ACLPRINCIPAL object(s). The following states indicate the meaning of a TA_STATE returned in response to a GET request.

VALid

T_ACLPRINCIPAL object is defined and inactive. Note that this is the only valid state for this class. ACL principals are never active.

SET: {NEW | INValid}

A SET operation will update configuration information for the selected T_ACLPRINCIPAL object. The following states indicate the meaning of a TA_STATE set in a SET request. States not listed may not be set.

`NEW`	Create `T_ACLPRINCIPAL` object for application. State change allowed only when in the `INValid` state. Successful return leaves the object in the `VALid` state.
`unset`	Modify an existing `T_ACLPRINCIPAL` object. This combination is not allowed in the `INValid` state. Successful return leaves the object state unchanged.
`INValid`	Delete `T_ACLPRINCIPAL` object for application. State change allowed only when in the `VALid` state. Successful return leaves the object in the `INValid` state.

Limitations

A user or domain can be associated with exactly one ACL group. For someone to take on more than one role or be associated with more than one group, multiple principal entries must be defined.