HP-UX SNAplus2 R7 Administration Command Reference

Administration Commands
define_security_access_list
Other Conditions
Appendix A, Common Return Codes from snapadmin Commands, lists combinations of primary and secondary
return codes that are common to all commands.
2.52.4 Incoming Calls
If you are configuring a port that accepts incoming calls (as defined by the tot_link_act_lim, inb_link_act_lim,
and out_link_act_lim parameters), there is generally no need to define an LS to use for these calls; SNAplus2
will dynamically define an LS when the incoming call is received. However, if the incoming calls are from a
host computer that supports dependent LUs or from a downstream computer using PU concentration, you need to
explicitly define an LS because the LS definition includes the name of the PU associated with the dependent LUs
or the name of the downstream PU.
When an incoming call arrives at the port, SNAplus2 checks the address specified on the call against the addresses
specified for link stations defined on the port (if any) to determine if an LS has already been defined for the call.
If the address does not match, an LS is dynamically defined. To ensure that the explicit LS definition (including
the required PU name) is used, be sure that the address defined for this LS matches the address that is supplied by
the host or the downstream computer on the incoming call.
2.53 define_security_access_list
The define_security_access_list command defines a list of users who can access a particular local LU or
invokable TP, so that access to that LU or TP is restricted to the named users. It can also be used to add user names
to an existing security access list. The user names in the list are defined using the define_userid_password
command.
To restrict access for a particular local LU or invokable TP, you need to do the following.
1. Ensure that each authorized user of the LU or TP is defined using the define_userid_password command.
2. Use the define_security_access_list command to define a security access list containing all of these
user IDs.
3. Specify the name of this security access list on the define_local_lu or define_tp command that defines
the LU or TP.
When an incoming Allocate request arrives for a local LU or an invokable TP that has a security access list defined,
the invoking application must indicate that conversation security is to be used, and specify a user ID. In addition to
the standard conversation security checking (against user IDs specified using the define_userid_password
command), SNAplus2 checks the user ID in the incoming Allocate request against the security access list defined
for the LU or TP, and rejects the conversation if the user ID does not match. If both the LU and the TP have
security access lists defined, the user ID must be in both lists.
If a local LU or an invokable TP does not have a security access list defined, but is still configured to require
conversation security, the standard conversation security checking still applies.
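The following Python model of the checks described above is an added example, not SNAplus2 code or part of the original reference. The class, field and sample names are hypothetical, the standard check is simplified to a user ID and password match, and the order of the checks is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Allocate:
    """Constructed stand-in for an incoming Allocate request."""
    lu: str
    tp: str
    conv_security: bool = False
    user_id: Optional[str] = None
    password: Optional[str] = None

@dataclass
class Config:
    """Hypothetical in-memory view of the configuration the text refers to."""
    userids: dict            # user ID -> password (define_userid_password)
    access_lists: dict       # list_name -> set of user names
    lu_list: dict            # local LU -> list_name given on define_local_lu
    tp_list: dict            # invokable TP -> list_name given on define_tp
    requires_security: set   # LU/TP names configured to require conversation security

def check_allocate(cfg: Config, req: Allocate):
    """Return (accepted, reason) for one request, following the rules in the text."""
    lists = [m[k] for m, k in ((cfg.lu_list, req.lu), (cfg.tp_list, req.tp)) if k in m]
    needed = bool(lists) or bool({req.lu, req.tp} & cfg.requires_security)
    if needed and not (req.conv_security and req.user_id):
        return False, "conversation security with a user ID is required"
    if req.conv_security:
        # Standard check, simplified (assumption) to a user ID / password match.
        if req.user_id not in cfg.userids or cfg.userids[req.user_id] != req.password:
            return False, "standard conversation security check failed"
    for name in lists:  # the user ID must appear in every list that applies
        if req.user_id not in cfg.access_lists.get(name, set()):
            return False, f"user ID not in security access list {name}"
    return True, "accepted"

# Constructed sample configuration; every name below is invented for illustration.
CFG = Config(
    userids={"ALICE": "pw-a", "BOB": "pw-b"},
    access_lists={"LULIST": {"ALICE", "BOB", "CAROL"}, "TPLIST": {"ALICE"}},
    lu_list={"LU1": "LULIST"},
    tp_list={"PAYTP": "TPLIST"},
    requires_security={"OPENTP"},
)

if __name__ == "__main__":
    for user, pw, tp in (("ALICE", "pw-a", "PAYTP"), ("BOB", "pw-b", "PAYTP"),
                         ("CAROL", "pw-c", "OTHERTP")):
        print(user, tp, check_allocate(CFG, Allocate("LU1", tp, True, user, pw)))
```

In the sample data, CAROL is named in a security access list but was never defined with define_userid_password, so she is rejected by the standard check; this is the gap that step 1 of the procedure closes.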
2.53.1 Supplied Parameters
Parameter name                   Type        Length   Default
[define_security_access_list]
list_name                        character   14
description                      character   31       (null string)
{security_user_data}
user_name                        character   10