User classes


Whenever the region administrator wants to define several users sharing the same attributes and access rights, a userclass can be defined.

A userclass is a collection of user attributes: all users belonging to the userclass inherit the attributes defined in it. Attributes that are also set in the user's own definition (define user) override those of the userclass.

To define a userclass, use the directive define userclass.

Syntax

define userclass name=<value>,
auth="<value>",
[opid=<value>],
[opclass=<hex-value>],
[ldap_filter="<value>"];

      

name

This is the class identifier: eight alphanumeric characters, referenced by the userclass parameter of "define user".

opid

This is the operator identifier: three alphanumeric characters.

auth

Specifies all the protection levels authorized for the user. The parameter must be quoted, and the levels must be separated by commas (e.g. "1,5,7"). Ranges are allowed (e.g. "1,2,4-8,10-18,64"). Each level must be between 1 and 64.

opclass

A binary matrix representing the classes (from 1 to 24) the operator belongs to. The matrix is structured in blocks of eight elements, which represent the class sequence from 1 to 24. A position containing 1 indicates a class the operator belongs to, while 0 marks a class unavailable to the operator.

ldap_filter

When XCICS/TS auth_mode is set to "ldap", all the LDAP entries that satisfy the filter are defined as XCICS users and bound to the userclass. The filter must be coded according to the LDAP filter rules (e.g. "(&(objectClass=inetOrgPerson)(ou=Product Development))").

A practical example

#
# using external password repository
#
set passwd_file=$HOME/etc/xpasswd;
set default_user=GUEST;
#
# users classes
#
define userclass name=CLSGUEST, opid=GST, auth="1", opclass=000000;
define userclass name=CLSOPER,  opid=USR, auth="1-16,32,33,40-50", opclass=00FFFF;
define userclass name=CLSADMIN, opid=ALL, auth="1-64", opclass=FFFFFF;
#
# users
# guest user definition
#
define user name=GUEST, userclass=CLSGUEST, username="Guest user";
#
# standard users definition
#
define user name=LSKYWALK, userclass=CLSOPER, username="Luke Skywalker";
define user name=JKIRK,    userclass=CLSOPER, username="Cpt. James Kirk";
define user name=RDECKARD, userclass=CLSOPER, username="Rick Deckard", opid=USK;
#
# super-user
#
define user name=FABRIZIO, userclass=CLSADMIN, username="Administrator user";
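
Added example, not part of the XCICS documentation: a small Python audit that reads define userclass / define user directives, applies the override rule described above (user attributes win over userclass ones), expands the auth ranges, and lists the users that end up with all 64 protection levels. The regex-based parser and the function names are assumptions made for illustration, not an XCICS tool; it assumes no ";" appears inside a quoted value.

```python
import re

# Constructed input: a subset of the directives from the practical example above.
CONFIG = '''
define userclass name=CLSGUEST, opid=GST, auth="1", opclass=000000;
define userclass name=CLSOPER,  opid=USR, auth="1-16,32,33,40-50", opclass=00FFFF;
define userclass name=CLSADMIN, opid=ALL, auth="1-64", opclass=FFFFFF;
define user name=GUEST, userclass=CLSGUEST, username="Guest user";
define user name=RDECKARD, userclass=CLSOPER, username="Rick Deckard", opid=USK;
define user name=FABRIZIO, userclass=CLSADMIN, username="Administrator user";
'''

# Hypothetical minimal grammar: directives end with ';', parameters are key=value.
DIRECTIVE = re.compile(r'define\s+(userclass|user)\s+([^;]*);')
PARAM = re.compile(r'(\w+)\s*=\s*("[^"]*"|[^,\s]+)')

def expand_auth(spec):
    """Expand an auth string such as "1,2,4-8" into a sorted list of levels."""
    levels = set()
    for part in spec.split(','):
        lo, _, hi = part.strip().partition('-')
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 64:
            raise ValueError(f'auth level outside 1-64: {part!r}')
        levels.update(range(lo, hi + 1))
    return sorted(levels)

def effective(text):
    """Resolve each user's attributes: userclass values first, user values on top."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)  # drop comment lines
    classes, users = {}, {}
    for kind, body in DIRECTIVE.findall(text):
        attrs = {k: v.strip('"') for k, v in PARAM.findall(body)}
        (classes if kind == 'userclass' else users)[attrs.pop('name')] = attrs
    result = {}
    for name, attrs in users.items():
        merged = {**classes.get(attrs.get('userclass'), {}), **attrs}
        merged['levels'] = expand_auth(merged['auth']) if 'auth' in merged else []
        result[name] = merged
    return result

def full_access(text):
    """Names of users whose effective auth covers all 64 protection levels."""
    return [n for n, a in effective(text).items() if len(a['levels']) == 64]

if __name__ == '__main__':
    for name, a in effective(CONFIG).items():
        print(name, a.get('opid'), f"{len(a['levels'])} levels", a.get('opclass'))
    print('all 64 levels:', full_access(CONFIG))
```

Running it over a full region configuration gives a quick list of accounts to review for least privilege.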