Role - Agent ACL
The Agent ACL panel lets you enter information that determines how a user establishes a connection to an RSCD agent on a remote server.
BMC Server Automation allows you to perform certain functions when that connection is established, and the definitions you provide on this page control those functions. For example, you can specify that a user with this role has privileges equivalent to root on the remote server. You can also associate a Windows automation principal with a role, or specify that a user with this role has access only to a particular directory on the remote server.
The Agent ACL panel provides most of the same functionality as the users configuration file on an RSCD agent. For more information about the users file, see Users and users.local files overview.
After you have defined a role, you should run an ACL Push Job on servers that the role is authorized to access. The ACL Push Job copies access control list (ACL) information derived from the role definition and uses it to overwrite the users configuration file. After you have pushed ACL information to an agent, the settings you have defined for the role are used to control all incoming connections to that agent. For more information about pushing ACLs, see Controlling server access with agent ACLs.
User must exist on agent
Check to instruct a server to allow a connection from a user only when an account with the same user name exists on the server. This option is analogous to the exists option in the users configuration file.
Specify the hosts from which a user can connect to a server. Separate host names or IP addresses (either IPv4 or IPv6) with a colon, such as
Note: For any host that you specify using its IPv6 address, enclose the IPv6 address in square brackets. For example,
As an alternative to specifying a string of hosts in this field, you can import a text file that contains your list of hosts. To import the list file, click the green plus icon to the right of this field, and then select the list file through the Role - Import Hosts dialog box.
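Because the colon is both the list separator and part of every IPv6 address, an address entered without square brackets breaks into fragments, and some fragments can still look like valid host names. The following pre-import check for a host list is an added example, not BMC code: the function names are hypothetical, the splitting rules are assumed from the description above rather than taken from the agent's parser, and the sample addresses are constructed.

```python
import ipaddress
import re

# RFC 1123 host name label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _parses(cls, text):
    try:
        cls(text)
        return True
    except ValueError:
        return False

def split_hosts(value):
    """Split on colons, keeping [bracketed] IPv6 entries whole."""
    entries, buf, in_brackets = [], "", False
    for ch in value:
        if ch == ":" and not in_brackets:
            entries.append(buf)
            buf = ""
            continue
        if ch in "[]":
            in_brackets = (ch == "[")
        buf += ch
    entries.append(buf)
    return entries

def classify(entry):
    """Return 'ipv4', 'ipv6', 'hostname' or 'invalid' for one entry."""
    if entry.startswith("[") and entry.endswith("]"):
        return "ipv6" if _parses(ipaddress.IPv6Address, entry[1:-1]) else "invalid"
    if _parses(ipaddress.IPv4Address, entry):
        return "ipv4"
    labels = entry.split(".")
    if all(LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return "hostname"
    return "invalid"

def check_host_list(value):
    """Classify every entry; mark runs that are really one unbracketed IPv6 address."""
    entries = split_hosts(value)
    result = [classify(e) for e in entries]
    for i in range(len(entries) - 7):  # a full-form IPv6 address has eight groups
        if _parses(ipaddress.IPv6Address, ":".join(entries[i:i + 8])):
            result[i:i + 8] = ["unbracketed-ipv6"] * 8
    return list(zip(entries, result))

# Constructed sample input using documentation address ranges.
SAMPLE = "admin01.example.com:192.0.2.10:[2001:db8::1]"
```

Reject the list if any entry comes back as invalid or unbracketed-ipv6, since a fragment such as db8 would otherwise be accepted as a host name the administrator never intended to allow.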
Read Only and Read/Write
Specify whether all users in the role are granted either read-only or read/write permission on servers. You cannot use a role to give read-only permission to some users and read/write permission to others. Use the users.local file to create a more fine-grained set of permissions. For more information, see Users and users.local files overview.
Map to user name
Check to force a user connecting to a server to have the same permissions as a user with that same name on the server. For example, if you check this option and user betty connects to a server, she has the same permissions as those already defined for user betty on the server. If you check this option, a user cannot connect to a server unless an identical user name is already defined on the server.
Define permissions that vary by platform. Click the UNIX tab and enter the following values as they apply to UNIX servers. Then click the WINDOWS tab and enter the following values as they apply to Windows servers: