HP-UX SNAplus2 NOF Programmer's Guide
NOF API Verbs (ACTIVATE_SESSION to OPEN_FILE)
DEFINE_SECURITY_ACCESS_LIST
DEFINE_SECURITY_ACCESS_LIST defines a list of users who can
access a particular local LU or invokable TP, so that access to that LU or
TP is restricted to the named users. It can also be used to add user
names to an existing security access list. The user names in the list are
defined using the DEFINE_USERID_PASSWORD verb.
To restrict access for a particular local LU or invokable TP, you need to
do the following:
• Ensure that each authorized user of the LU or TP is defined using
the DEFINE_USERID_PASSWORD verb.
• Use the DEFINE_SECURITY_ACCESS_LIST verb to define a
security access list containing all of these user IDs.
• Specify the name of this security access list on the
DEFINE_LOCAL_LU or DEFINE_TP verb that defines the LU or
TP.
When an incoming Allocate request arrives for a local LU or an invokable
TP that has a security access list defined, the invoking application must
indicate that conversation security is to be used, and specify a user ID. In
addition to the standard conversation security checking (against user
IDs specified using the DEFINE_USERID_PASSWORD verb), SNAplus2
checks the user ID in the incoming allocate request against the security
access list defined for the LU or TP, and rejects the conversation if the
user ID does not match. If both the LU and the TP have security access
lists defined, the user ID must be in both lists.
If a local LU or an invokable TP does not have a security access list
defined, but is still configured to require conversation security, the
standard conversation security checking still applies.
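The following C model of the acceptance rule described above is an added illustration, not SNAplus2 code or part of the NOF API. The types, the function name allocate_permitted and the sample user IDs are hypothetical; password verification is not modelled, and accepting a request when no security is configured at all is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; these are not SNAplus2 structures. */
typedef struct { const char *const *ids; size_t n; } id_list;
typedef struct {
    bool use_conv_security;  /* Allocate indicated conversation security */
    const char *user_id;     /* NULL when no user ID was supplied */
} allocate_req;

static bool in_list(const id_list *l, const char *id) {
    for (size_t i = 0; i < l->n; i++)
        if (strcmp(l->ids[i], id) == 0) return true;
    return false;
}

/* defined_users: IDs created with DEFINE_USERID_PASSWORD (password check
 * not modelled). lu_acl / tp_acl: NULL when no security access list is set. */
bool allocate_permitted(const allocate_req *r, const id_list *defined_users,
                        const id_list *lu_acl, const id_list *tp_acl,
                        bool conv_sec_required) {
    if (!lu_acl && !tp_acl && !conv_sec_required)
        return true;   /* assumption: no security configured, nothing to check */
    if (!r->use_conv_security || r->user_id == NULL)
        return false;  /* a list or required security needs a user ID */
    if (!in_list(defined_users, r->user_id))
        return false;  /* standard conversation security check */
    if (lu_acl && !in_list(lu_acl, r->user_id)) return false;
    if (tp_acl && !in_list(tp_acl, r->user_id)) return false;
    return true;       /* user ID is in every list that is defined */
}

/* Constructed sample data. */
static const char *const USERS[]  = { "ALICE", "BOB", "CAROL" };
static const char *const LU_IDS[] = { "ALICE", "BOB" };
static const char *const TP_IDS[] = { "BOB", "CAROL" };
static const id_list users = { USERS, 3 }, lu_acl = { LU_IDS, 2 }, tp_acl = { TP_IDS, 2 };

int main(void) {
    allocate_req alice = { true, "ALICE" }, bob = { true, "BOB" };
    printf("ALICE, LU+TP lists: %d\n", allocate_permitted(&alice, &users, &lu_acl, &tp_acl, true));
    printf("BOB,   LU+TP lists: %d\n", allocate_permitted(&bob, &users, &lu_acl, &tp_acl, true));
    return 0;
}
```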
VCB Structure
The DEFINE_SECURITY_ACCESS_LIST verb contains a variable
number of security_user_data structures; these define the user names
to be added to the security access list.