The /AgentSetup/accessControlList variable controls which users are authorized to connect to an agent in which modes from which hosts.
Format and type of data | For each access control list (ACL), the format is a comma-separated list of entries. Each entry has the following format: |
Default value | */*/CDOPSR |
Minimum and maximum | Not applicable |
Dependencies | None |
Recommendation | See the following sections |
The following table explains the agent connection modes.
Access Control List connection modes
Mode | Description |
---|---|
C | The C (configure) mode controls the context of commands that are run on the PATROL Agent.
|
D and O | The D (developer) and O (operator) connection modes control the connection type between the agent and console:
|
P | The P (PEM) connection mode controls access to the agent using the PEMAPI.
|
R | The R (allow operator overrides) mode allows operator overrides on agents and consoles only if the following variable is set to true in patrol.conf: allowoverrideparameter. |
S | The S (System Output Window Display) mode allows display of the interactive operating system prompt if the following variable is set to 1: |
Note
The default account must have C mode access to the PATROL Agent.
By default, the PATROL Agent runs discovery, collection, and recovery actions as the defaultaccount, and commands run from the System Output window, InfoBoxes, and menus are run using the console connection account.
The default behavior is changed by using the following PATROL Agent variables:
/AgentSetup/<appl>.OSdefaultAccount" = {REPLACE="<user>"}
/AgentSetup/<appl.inst>.OSdefaultAccount" = {REPLACE="<user>" }
/AgentSetup/<appl>.OSdefaultAccountAppliesToCmds" = {REPLACE="no"}