This documentation supports an earlier version of BMC Helix Operations Management.

To view the documentation for the latest version, select 23.1 from the Product version picker.

Setting up ACLs to control PATROL Agent access

Use PATROL Agent Access Control Lists (ACLs) to restrict user access to specific PATROL Agents. For example, you want to ensure that only database administrators are able to see all database devices. For this purpose, in an ACL, configure the query condition that identifies all database devices. Then, for an authorization profile, select the user group created for the database administrators and select the ACL that identifies all database devices.

Without a PATROL Agent ACL in an authorization profile, all users can access all PATROL Agents. 

Tip

When you specify other types of objects in an authorization profile, you enable access. PATROL Agent ACLs are different in that they restrict access to PATROL Agents not specified in the ACL.

Example

A PATROL Agent ACL that specifies "Host name matches .*.labs.acme.com" restricts the user to those PATROL Agents on systems that have host names ending with .labs.acme.com. Users associated with this authorization profile cannot access any PATROL Agents on other systems. 

The PATROL Agent ACL editor provides menus, lists, and text boxes that you can use to construct the condition statements. When the ACL contains multiple conditions, you can indicate whether the statements are optional or required by choosing a logical operator.ACL condition statements

You must specify every attribute in a condition statement. Use double and triple open and closing parentheses to nest properties. The following table lists the properties and comparison operators that you can use to construct condition statements.

Comparison operator next

Property


contains

does not
contain

does not
equal 
ends
with 
equalsgreater
than 
greater than
or equal 
in the
range 
starts
with 
less
than 
less than
or equal 

matches1
Agent Host Name  +++   +  +
Agent Port  + +++  ++ 
Agent version  + +++  ++ 
Agent Operating System++          
Agent IP Address2  + +  +    
Agent Tag    +       

1 – You can use Java regular expressions to specify patterns.

2 – For IPv6, you must specify patterns with Java regular expressions.

Tip

Plan the PATROL Agent ACL conditions carefully before creating them, as you cannot rearrange the conditions after you add it.

 

To create or edit an ACL

  1. On the Administration > PATROL Agent ACLs page, proceed in one of the following ways:
    • To create an ACL: Click Create, and follow these steps.
      1. Specify a unique name and optional description for the ACL.
      2. Create at least one ACL condition. If required, add new rows to create additional conditions. 
    • To edit an ACL:  Click Edit on the ACL action menu. Then, add or remove condition rows, or change the name and description of the ACL.
  2. Save the changes.

To delete an ACL

On the Administration > PATROL Agent ACLs page, click Delete on the ACL action menu, and confirm the deletion.

Was this page helpful? Yes No Submitting... Thank you

Comments