Walkthrough: Creating an ACL based time window to restrict users from running jobs
This walkthrough is mainly target for security administrators and patch administrators. In this walkthrough we are going to demonstrate how you can use the ACL policy time window to allow patching users to run deploy jobs only on weekends. Allowing patching users to run deploy jobs only on weekends can help prevent your servers from being over utilized.
What is an ACL policy time window?
While creating an ACL policy, you can create a time window, during which a role is assigned one or more additional authorizations. The role is assigned the additional authorizations only during that time window. For example, in the context of Patching, you might want to allow Patching users to run catalog update jobs or analysis jobs at any time, but restrict them to executing remediation jobs only on weekends.
The ACL policy time window is a complex feature and requires background knowledge of users, roles, authorizations and BSA objects. For information about these concepts, see Managing-access.
Before you begin
To simplify the task of assigning ACL policies to a large number of servers, you can prepare server groups or server smart groups based on criteria that are relevant to your business needs.
Refer to the following pages for information about creating server groups or server smart groups:
- Server groups: For information about creating a static group of servers, see Assigning-servers-to-server-groups.
Server smart groups: For a step-by-step example on creating a dynamic group of servers, see Walkthrough-Dynamically-organizing-assets-with-smart-groups.
How to use ACL policy time window to allow a specific set of users to run deploy jobs?