Setting up ACLs to control PATROL Agent access
Use PATROL Agent Access Control Lists (ACLs) to restrict user access to specific PATROL Agents. For example, you want to ensure that only database administrators are able to see all database devices. For this purpose, in an ACL, configure the query condition that identifies all database devices. Then, for an authorization profile, select the user group created for the database administrators and select the ACL that identifies all database devices.
Without a PATROL Agent ACL in an authorization profile, all users can access all PATROL Agents.
Tip
When you specify other types of objects in an authorization profile, you enable access. PATROL Agent ACLs are different in that they restrict access to PATROL Agents not specified in the ACL.
The PATROL Agent ACL editor provides menus, lists, and text boxes that you can use to construct the condition statements. When the ACL contains multiple conditions, you can indicate whether the statements are optional or required by choosing a logical operator.ACL condition statements
You must specify every attribute in a condition statement. Use double and triple open and closing parentheses to nest properties. The following table lists the properties and comparison operators that you can use to construct condition statements.
Comparison operator Property | contains | does not | does not equal | ends with | equals | greater than | greater than or equal | in the range | starts with | less than | less than or equal | matches1 |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Agent Host Name | + | + | + | + | + | |||||||
Agent Port | + | + | + | + | + | + | ||||||
Agent version | + | + | + | + | + | + | ||||||
Agent Operating System | + | + | ||||||||||
Agent IP Address2 | + | + | + | |||||||||
Agent Tag | + | |||||||||||
1 – You can use Java regular expressions to specify patterns. 2 – For IPv6, you must specify patterns with Java regular expressions. |
Tip
Plan the PATROL Agent ACL conditions carefully before creating them, as you cannot rearrange the conditions after you add it.
To create or edit an ACL
- On the Administration > PATROL Agent ACLs page, proceed in one of the following ways:
- To create an ACL: Click Create, and follow these steps.
- Specify a unique name and optional description for the ACL.
- Create at least one ACL condition. If required, add new rows to create additional conditions.
- To edit an ACL: Click Edit on the ACL action menu. Then, add or remove condition rows, or change the name and description of the ACL.
- To create an ACL: Click Create, and follow these steps.
- Save the changes.
To delete an ACL
On the Administration > PATROL Agent ACLs page, click Delete on the ACL action menu, and confirm the deletion.
Comments
Log in or register to comment.