×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

   

This documentation supports an earlier version of BMC Helix Operations Management. Use the Product version picker to select and view the latest version of documentation.
BMC Helix Operations Management 22.1 Setting up access control

Setting up ACLs to control PATROL Agent access

Use PATROL Agent Access Control Lists (ACLs) to restrict user access to specific PATROL Agents. For example, you want to ensure that only database administrators are able to see all database devices. For this purpose, in an ACL, configure the query condition that identifies all database devices. Then, for an authorization profile, select the user group created for the database administrators and select the ACL that identifies all database devices.

Without a PATROL Agent ACL in an authorization profile, all users can access all PATROL Agents. 

Tip

When you specify other types of objects in an authorization profile, you enable access. PATROL Agent ACLs are different in that they restrict access to PATROL Agents not specified in the ACL.

Example

A PATROL Agent ACL that specifies "Host name matches .*.labs.acme.com" restricts the user to those PATROL Agents on systems that have host names ending with .labs.acme.com. Users associated with this authorization profile cannot access any PATROL Agents on other systems. 

The PATROL Agent ACL editor provides menus, lists, and text boxes that you can use to construct the condition statements. When the ACL contains multiple conditions, you can indicate whether the statements are optional or required by choosing a logical operator.ACL condition statements

You must specify every attribute in a condition statement. Use double and triple open and closing parentheses to nest properties. The following table lists the properties and comparison operators that you can use to construct condition statements.

Comparison operator next

Property


contains

does not
contain

does not
equal 		ends
with 		equalsgreater
than 		greater than
or equal 		in the
range 		starts
with 		less
than 		less than
or equal 
matches1
Agent Host Name  +++   +  +
Agent Port  + +++  ++ 
Agent version  + +++  ++ 
Agent Operating System++          
Agent IP Address2  + +  +    
Agent Tag    +       

1 – You can use Java regular expressions to specify patterns.

2 – For IPv6, you must specify patterns with Java regular expressions.

Tip

Plan the PATROL Agent ACL conditions carefully before creating them, as you cannot rearrange the conditions after you add it.

 

To create or edit an ACL

  1. On the Administration > PATROL Agent ACLs page, proceed in one of the following ways:
    • To create an ACL: Click Create, and follow these steps.
      1. Specify a unique name and optional description for the ACL.
      2. Create at least one ACL condition. If required, add new rows to create additional conditions. 
    • To edit an ACL:  Click Edit on the ACL action menu. Then, add or remove condition rows, or change the name and description of the ACL.
  2. Save the changes.

To delete an ACL

On the Administration > PATROL Agent ACLs page, click Delete on the ACL action menu, and confirm the deletion.
Was this page helpful? Yes No Submitting... Thank you
Last modified by Priyanka Nanwani on Sep 08, 2021
security administration access_control patrol_agent task help_create_acls help_acls

Comments

Log in or register to comment.

Setting up groups
Integrating with BMC Helix ITSM
© Copyright 2020-2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.