×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Server Automation 8.3 ... Planning Permissions Default permissions and security configuration

Controlling access at the agent level

BMC Server Automation lets you control access to servers at the agent level. Configuration files on the RSCD agent let you define who can access servers and how users communicate with those servers.

For many BMC Server Automation installations, you do not have to modify the agent configuration files. The system's default configuration provides sufficient functionality and appropriate user permissions. If your installation requires additional refinement, you should understand the default configuration of BMC Server Automation.

Default settings

When you install BMC Server Automation on clients and servers, the following permissions and security configurations are set by default for each RSCD agent:

  • All clients are granted read/write access to all servers.
  • All clients and servers are set to communicate using protocol 5, a BMC Server Automation protocol for secure communication based on Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL). With protocol 5, TLS automatically negotiates the strongest form of encryption that clients and servers can support.
  • Users are granted permissions on managed servers through two different processes:
    • For Windows servers, users can be granted permissions through a process called Windows user mapping. This process enables a role to be mapped to a local or domain user who has permissions for a Windows server. For more information about Windows user mapping, see Windows user mapping and agent ACLs.
    • In all other situations, users can be granted permissions through a process of user impersonation (for all UNIX servers) or user privilege mapping (for Windows). For either of these approaches, when a user attempts to connect to an agent, the agent maps the user to an identity using the following steps:
  • First the agent determines if the user has an equivalent identity on the server machine. If so, the connecting user is granted the permissions of that equivalent user. However, root users on UNIX are not automatically mapped to root, and members of the Administrator group in Windows are not automatically mapped to Administrator.
  • If a user does not have an equivalent local identity on the server, the agent maps the incoming user to a default user with downgraded permissions. On UNIX, users are mapped to user "nobody." On Windows, users are mapped to user "Anonymous." Incoming users can be granted the permissions of a specified user, but that requires modification of the configuration files.

For a description of how users are granted permissions on servers, see How BMC Server Automation grants access to RSCD agents.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Fran Coughlin on Jul 13, 2012
access_control agent

Comments

Log in or register to comment.

Controlling access by role and object
Default authentication method
© Copyright 2017 BMC Software, Inc. © Copyright 2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.